On 13/12/16 13:44, Ben .T.George wrote:

How to disable first time password change on newly created user from web UI


Hi Ben,
AFAIK this is not possible to do using the API.

One hacky way I can think of is modifying the krbPasswordExpiration attribute in the 389ds after creation of the user.

$ sudo ldapmodify -D "cn=Directory Manager" -w Secret123 -h $HOSTNAME << END_LDIF
dn: uid=tuser,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: krbPasswordExpiration
krbPasswordExpiration: $(date -u -d "@$(($(date +'%s')+(90*24*3600)))" +'%Y%m%d%H%M%S'Z)

It works but I would not recommend using it in production environment.

David Kupka

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to