[Freeipa-users] Force to change password in first login

Rodney L. Mercer rmercer at harris.com
Tue Oct 8 17:45:36 UTC 2013


I've used grub-md5-crypt to create a password for an openldap server and
used this format:
# grub-md5-crypt 
Password: 
Retype password: 
$1$mGzMO1$zF/c9QxKV.ZZXwlvyR8UO1

Here is the ldif that I used to modify the entry on the openldap server:

# cat usermod.ldif
dn: uid=username,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {crypt}$1$mGzMO1$zF/c9QxKV.ZZXwlvyR8UO1


I'm not sure if this will work for the directory server that IPA uses?

Worth a shot I suppose.

Rodney.



On Tue, 2013-10-08 at 12:28 -0500, cbulist at gmail.com wrote:
> Rodney,
> 
> Thanks!...I forgot it totally...
> 
> Let me ask you about modifying the password using the ldapmodify command. I
> tried changing the userPassword attribute with {MD5} encryption and it did
> not work.
> 
> ldapmodify -x -H ldap://ipaserver -D "cn=directory manager" -w
> 'password' <<EOF
> changetype: modify
> replace: userPassword
> userPassword: {MD5}QvdJref54ZW/R183pEyvyw==
> EOF
> 
> Do I need to modify another attribute?...any clue?
> 
> Thanks in advance!
> 
> 
> 
> On 10/08/2013 12:07 PM, Rodney L. Mercer wrote:
> > I've used this to extend the password expiration. It "should" work for
> > setting an expired password expiration. You have to hit enter twice
> > after the krbPasswordExpiration: 20131008000000Z line.
> >
> > # ldapmodify -x -D 'cn=Directory Manager' -W
> >  Enter LDAP Password:
> >  dn: uid=username,cn=users,cn=accounts,dc=example,dc=com
> >  changetype: modify
> >  replace: krbPasswordExpiration
> >  krbPasswordExpiration: 20131008000000Z
> >
> >
> > modifying entry
> > "uid=username,cn=users,cn=accounts,dc=example,dc=com"
> >
> > ctrl-d
> >
> >
> >
> > On Tue, 2013-10-08 at 11:51 -0500, cbulist at gmail.com wrote:
> >> Hi All,
> >>
> >> I created a script to add users to freeipa using ldapadd command and it
> >> works great. Now I want to forcibly change the password in the first
> >> user login. What attribute do I have to change to accomplish this?
> >>
> >> Thanks!
> >>
> 
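
An added example, not part of the original thread and not FreeIPA's own tooling: a shell helper that generates the krbPasswordExpiration LDIF from the quoted reply above for several users at once, using the current UTC time so the password counts as already expired. The function names are hypothetical, BASE_DN is the sample suffix from the thread, and the uid and timestamp checks are an added safeguard against malformed input reaching the LDIF.

```shell
#!/bin/sh
# Added example: build the LDIF that sets krbPasswordExpiration for several uids.
# BASE_DN is the sample suffix from the thread; function names are hypothetical.
BASE_DN="cn=users,cn=accounts,dc=example,dc=com"

# Current time as UTC GeneralizedTime, the format used in the thread
# (YYYYMMDDhhmmssZ). A value that is not in the future means "already expired".
expiry_now() {
    date -u +%Y%m%d%H%M%SZ
}

# Accept only conservative uids, so a value can never add RDNs to the DN
# or extra lines to the LDIF.
valid_uid() {
    case "$1" in
        ""|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Accept exactly 14 digits followed by Z and nothing else.
valid_ts() {
    case "$1" in *[!0-9Z]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^[0-9]{14}Z$'
}

# expire_ldif TIMESTAMP UID... : LDIF on stdout, non-zero status on bad input.
expire_ldif() {
    ts=$1
    shift
    valid_ts "$ts" || { echo "bad timestamp: $ts" >&2; return 1; }
    # Validate every uid first so a bad one produces no partial LDIF.
    for uid in "$@"; do
        valid_uid "$uid" || { echo "rejected uid: $uid" >&2; return 1; }
    done
    for uid in "$@"; do
        printf 'dn: uid=%s,%s\n' "$uid" "$BASE_DN"
        printf 'changetype: modify\n'
        printf 'replace: krbPasswordExpiration\n'
        printf 'krbPasswordExpiration: %s\n\n' "$ts"
    done
}

# Usage, with the bind options from the thread:
#   expire_ldif "$(expiry_now)" alice bob | ldapmodify -x -D 'cn=Directory Manager' -W
```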
