Michael Gusek via FreeIPA-users wrote: > Hey, > > you can try something like this: > > ipa user-find --sizelimit=0 | grep "Anmeldename:" | awk '{ print $2 }' | > xargs -i 'bash -c "echo password | ipa user-mod {} --passwd"' > > This will reset all passwords to password 'password'. Each user have to > login with new password and have to change that immediately. You can > expand one liner to exclude some accounts with > > ipa user-find --sizelimit=0 | grep "Anmeldename:" | grep -v "admin" | > grep -v "some_account" | awk ... > > "Anmeldename:" fits for an german locale, please change that for your > locale.
Another option would be to collect the list of user in a similar way that Michael suggests and then change krbpasswordexpiration to something way in the past to expire the *current* password. Then users won't all have the same or similar password and/or you don't need to distribute new passwords to everyone. The thing is though you need to be Directory Manager to write that attribute so you'd collect all the userids and then you'd need to loop through them using ldapmodify to set a new value. rob > > Micha > > > Am 25.09.2017 um 13:18 schrieb xattab--- via FreeIPA-users: >> Hi! >> >> I changed password police and i need force everyone (excluding one >> directory) to change passwords. >> >> How to implement it ? >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org