Yes, when receiving your email I found that indeed. My ldapEditor doesn't allow me to add that value, so this need to be done using the commandline ?
2015-02-05 15:03 GMT+01:00 Rob Crittenden <[email protected]>: > Matt . wrote: >> HI, >> >> I'm already doing so without any luck. If you remember something, >> would be nice to know! >> >> So it should be possible to do still ? > > If the DN of the entry adding the password is in passSyncManagersDNs in > the entry dn: cn=ipa_pwd_extop,cn=plugins,cn=config then the password > will not be marked as expired (password policy is not applied at all IIRC). > > rob > >> >> 2015-02-05 14:26 GMT+01:00 Dmitri Pal <[email protected]>: >>> On 02/05/2015 07:59 AM, Matt . wrote: >>>> >>>> Hi, >>>> >>>> OK, but as far as I understand we made some change, using a >>>> commandline command which I cannot remember or find, which goes around >>>> the password policy, or the attribute you talk about, when you add a >>>> user. >>>> >>>> Can I change that globally? As we did it seems... but we were testing >>>> so much back those days that it seems to be lost or so. >>> >>> >>> I do not remember the detils from top of my head. You can probably try to >>> search the mail archives. >>> >>>> >>>> >>>> Thanks, >>>> >>>> Matt >>>> >>>> 2015-02-05 13:21 GMT+01:00 Dmitri Pal <[email protected]>: >>>>> >>>>> On 02/05/2015 05:54 AM, Matt . wrote: >>>>>> >>>>>> In the past we have done some testsetups with password expiring after >>>>>> we added a user, at the moment I have difficulties with this on 4.1.2 >>>>>> >>>>>> What I need is the following: >>>>>> >>>>>> - We add a user using json/kinit >>>>>> - The user is added in the right way >>>>>> - tThe user should be able to use his set password by the admin (at >>>>>> least >>>>>> ldap) >>>>>> >>>>>> At the moment the password is expired directly and I tried adding the >>>>>> user with min/max lifetime to 0/0 which didn't work out. Als 0/500 >>>>>> doesn't seem to fix my issue. >>>>>> >>>>>> I thought we had to do a little but more to accomplish this, but I'm >>>>>> not able to find this (anymore) >>>>>> >>>>>> Does someone have a clue how to fix this ? I'm quite sure this is >>>>>> possible. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Matt >>>>>> >>>>> It was always the feature of IPA to require password change on the first >>>>> login after it was created. >>>>> If you do not want it to be expired you need to change the expiration >>>>> attribute of the account not min max life. >>>>> >>>>> -- >>>>> Thank you, >>>>> Dmitri Pal >>>>> >>>>> Sr. Engineering Manager IdM portfolio >>>>> Red Hat, Inc. >>>>> >>>>> -- >>>>> Manage your subscription for the Freeipa-users mailing list: >>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>> Go To http://freeipa.org for more info on the project >>> >>> >>> >>> -- >>> Thank you, >>> Dmitri Pal >>> >>> Sr. Engineering Manager IdM portfolio >>> Red Hat, Inc. >>> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
