Il 16/12/2015 16:07, Alexander Bokovoy ha scritto:
On Wed, 16 Dec 2015, Giulio Casella wrote:
Hi guys,
I'm trying to populate FreeIPA (4.2.3) using API, but after user
creation (and password has been set) user must change password at
first logon. Same beahviour after a password change by admin.

Although this behaviour is desirable in many situations, I can't
afford it, I've got to import tens of thousands users, and I can't
force them to change their password.
How can I bypass this password change?

And, by the way: is there a way to disable password expiration?
http://www.freeipa.org/page/New_Passwords_Expired

If you are using API to create users and set their passwords, you can
use technique like described here:
https://www.redhat.com/archives/freeipa-users/2012-June/msg00360.html


Thank you for the info Alexander, I wasn't aware of the page
/ipa/session/change_password.

After creating a user via API in the usual way (json submission to /ipa/session/json) I can perform a password change submitting user credential to /ipa/session/change_password, thus resetting password expiration accordingly to system settings.

It works like a charme.

Thank you again,
Giulio.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to