[Freeipa-users] How to disable First time password change on IPA user
David Kupka
dkupka at redhat.com
Wed Dec 14 06:37:35 UTC 2016
On 13/12/16 13:44, Ben .T.George wrote:
> HI
>
> How to disable first time password change on newly created user from web UI
>
> Regards,
> Ben
>
>
>
Hi Ben,
AFAIK this is not possible to do using the API.
One hacky way I can think of is modifying the krbPasswordExpiration
attribute in the 389ds after creation of the user.
$ sudo ldapmodify -D "cn=Directory Manager" -w Secret123 -h $HOSTNAME <<
END_LDIF
dn: uid=tuser,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: krbPasswordExpiration
krbPasswordExpiration: $(date -u -d "@$(($(date +'%s')+(90*24*3600)))"
+'%Y%m%d%H%M%S'Z)
END_LDIF
It works but I would not recommend using it in production environment.
--
David Kupka
More information about the Freeipa-users
mailing list