Hey folks,

I have been using the following to adjust the Password Expiration of
accounts in IdM/IPA:
        echo "$ADMIN_PASS" | kinit admin
        echo -e "dn:
uid=rheluseri,cn=users,cn=accounts,dc=example,dc=com\nchangetype: modify
\nreplace: krbPasswordExpiration\nkrbPasswordExpiration: 20300101000000Z
\n" | ldapmodify -x -D 'cn=Directory Manager' -w $ADMIN_PASS

This has worked nicely for me.

My "new" problem is that the admin account itself expires after 90 days.
I thought since ldapsearch does show the admin account, that simply
substituting the uid might work.

        echo -e "dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
\nchangetype: modify\nreplace: krbPasswordExpiration
\nkrbPasswordExpiration: 20300101000000Z\n" | ldapmodify -x -D
'cn=Directory Manager' -w $ADMIN_PASS

My attempts to adjust the admin account in this similar fashion have
been not surprisingly unsuccessful.



Robert Locke                 Google Voice: (203) 794-6007
Senior Curriculum Developer             rlo...@redhat.com
GnuPG: A334 CAB1 451A 6083 CDD8  40FE A5DE E418 82E0 0780

Attachment: signature.asc
Description: This is a digitally signed message part

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to