Hello Everyone, I'm testing out a FreeIPA password reset app and was wondering about its use of an API call to reset the user's password.
The code in question is at https://github.com/larrabee/freeipa-password-reset/blob/master/PasswordReset/app/pwdmanager.py and it's at line 61/62: api.Command.user_mod(uid=unicode(uid), userpassword=unicode(password)) api.Command.user_mod(uid=unicode(uid), setattr=unicode("krbPasswordExpiration={0}".format(date))) When using the API, do you need to manually set the password expiration date? The reason I ask is because while testing, that code raises an exception with the error message "Insufficient access: Insufficient 'write' privilege to the 'krbPasswordExpiration' attribute of entry 'uid=test,cn=users,cn=accounts,dc=dev,dc=example,dc=net'." I checked the permission "System: Change User Password" and it doesn't include krbPasswordExpiration as a writable attribute. I know that if you use ldapmodify to manually set the user's password, you do need to also modify the krbPasswordExpiration attribute, but I wasn't sure when modifying via the IPA API. I hope this makes sense, thank you to everyone who answers questions on this list, you really positively impact the open source community! Many Thanks, Anthony
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
