Cool :) thanks both of you for the feedback! On Aug 18, 2016 2:12 PM, "Dieter Klünter" <[email protected]> wrote:
> Am Thu, 18 Aug 2016 13:06:06 +0200 > schrieb "PenguinWhispererThe ." <[email protected]>: > > > Thanks for that good pointer Dieter. > > Although it will force the user to change his password I'm not sure > > this will do the trick in our case. We have a custom passwd script > > that keeps both ldap and nis in sync. With the above I believe the > > Nis password won't be updated. > > > > So is there a way to actually update the pwdChangedTime? (Even out of > > pure curiosity) > > man ldapmodify(1), read about relax extension. > > -Dieter > > > > Thanks > > > > On Aug 17, 2016 11:38, "Dieter Klünter" <[email protected]> wrote: > > > > Am Wed, 17 Aug 2016 10:46:58 +0200 > > schrieb "PenguinWhispererThe ." <[email protected]>: > > > > > Hi all, > > > > > > I've noticed that after a password reset pwdChangedTime gets > > > updated. > > > > > > This is fine. We do have a policy in place that doesn't let you > > > modify your password again within a few days. > > > > > > I'd like to reset/change this pwdChangedTime so the user can reset > > > his password himself after logging in with the supplied password. > > > However deleting/modifying pwdChangedTime doesn't work. > > > > > > How should I resolve this? > > > I'm pretty sure this is not an ACL issue as my user matches the > > > first entry and is allowed to write all. > > > > > > I've seen some docs from IBM about removing pwdChangedTime being > > > possible but that might not apply to openldap. > > > > > man slapo-ppolicy(5), read carefully the comments on pwdReset. > > > > -Dieter > > > > -- > > Dieter Klünter | Systemberatung > > http://sys4.de > > GPG Key ID: E9ED159B > > 53°37'09,95"N > > 10°08'02,42"E > > > > -- > Dieter Klünter | Systemberatung > http://sys4.de > GPG Key ID: E9ED159B > 53°37'09,95"N > 10°08'02,42"E > >
