Michael Gusek via FreeIPA-users wrote:
> Hey,
>
> you can try something like this:
>
> ipa user-find --sizelimit=0 | grep "Anmeldename:" | awk '{ print $2 }' |
> xargs -i 'bash -c "echo password | ipa user-mod {} --passwd"'
>
> This will reset all passwords to password 'password'. Each user have to
> login with new password and have to change that immediately. You can
> expand one liner to exclude some accounts with
>
> ipa user-find --sizelimit=0 | grep "Anmeldename:" | grep -v "admin" |
> grep -v "some_account" | awk ...
>
> "Anmeldename:" fits for an german locale, please change that for your
> locale.
Another option would be to collect the list of user in a similar way
that Michael suggests and then change krbpasswordexpiration to something
way in the past to expire the *current* password. Then users won't all
have the same or similar password and/or you don't need to distribute
new passwords to everyone.
The thing is though you need to be Directory Manager to write that
attribute so you'd collect all the userids and then you'd need to loop
through them using ldapmodify to set a new value.
rob
>
> Micha
>
>
> Am 25.09.2017 um 13:18 schrieb xattab--- via FreeIPA-users:
>> Hi!
>>
>> I changed password police and i need force everyone (excluding one
>> directory) to change passwords.
>>
>> How to implement it ?
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
