[Freeipa-users] IdM Password Expiration
Robert Locke
rlocke at redhat.com
Tue Aug 4 15:01:22 UTC 2015
Hey folks,
I have been using the following to adjust the Password Expiration of
accounts in IdM/IPA:
echo "$ADMIN_PASS" | kinit admin
echo -e "dn:
uid=rheluseri,cn=users,cn=accounts,dc=example,dc=com\nchangetype: modify
\nreplace: krbPasswordExpiration\nkrbPasswordExpiration: 20300101000000Z
\n" | ldapmodify -x -D 'cn=Directory Manager' -w $ADMIN_PASS
This has worked nicely for me.
My "new" problem is that the admin account itself expires after 90 days.
I thought since ldapsearch does show the admin account, that simply
substituting the uid might work.
echo -e "dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
\nchangetype: modify\nreplace: krbPasswordExpiration
\nkrbPasswordExpiration: 20300101000000Z\n" | ldapmodify -x -D
'cn=Directory Manager' -w $ADMIN_PASS
My attempts to adjust the admin account in this similar fashion have
been not surprisingly unsuccessful.
Suggestions/pointers?
--Rob
--
Robert Locke Google Voice: (203) 794-6007
Senior Curriculum Developer rlocke at redhat.com
GnuPG: A334 CAB1 451A 6083 CDD8 40FE A5DE E418 82E0 0780
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150804/0e37b8bd/attachment.sig>
More information about the Freeipa-users
mailing list