On Sun, 2012-12-23 at 17:33 -0600, Kyle Harris wrote:
> I have a perl script that allows for the creation of new accounts in
> OpenLDAP. I am attempting to find a way to force the newly created
> user to change his or her password upon first login. I tried setting
> the attribute pwdMustChange to TRUE but that attribute must not be
> definable upon user creation. So, how can this be accomplished so
> that a new user is forced to change passwords after they first log on?

If your applications that are doing the authentication are using PAM,
setting the shadowLastChange attribute to 0 should do the trick. You
should probably grant the user the right permissions to update the
userPassword and shadowLastChange attributes.

--
-- arthur - [email protected] - http://arthurdejong.org --
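The two steps from the reply above, as an added example that is not part of the original message or of any project's code: an account entry created with `shadowLastChange: 0`, the self-write ACL for `userPassword` and `shadowLastChange`, and the modify that ends the forced change once a new password is set. The base DN, uid/gid numbers, the `olcDatabase={1}mdb` database DN and the simplified ageing check are assumptions; `userPassword` is expected to be set separately.

```python
import datetime
import re

EPOCH = datetime.date(1970, 1, 1)  # shadowLastChange counts days since this date

# ACL letting each user write the two attributes named in the reply.
# Assumption: the data lives in olcDatabase={1}mdb and this rule goes first.
SELF_WRITE_ACL = """dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
"""

def new_account_ldif(uid, uid_number, gid_number, base_dn):
    """Entry whose first PAM login demands a new password (shadowLastChange: 0)."""
    if not re.fullmatch(r"[a-z_][a-z0-9_-]{0,31}", uid):
        raise ValueError("uid would break the DN or the LDIF")
    return "\n".join([
        f"dn: uid={uid},{base_dn}",
        "objectClass: account",
        "objectClass: posixAccount",
        "objectClass: shadowAccount",  # schema that defines shadowLastChange
        f"uid: {uid}", f"cn: {uid}",
        f"uidNumber: {int(uid_number)}", f"gidNumber: {int(gid_number)}",
        f"homeDirectory: /home/{uid}",
        "shadowLastChange: 0", ""])

def parse_attrs(ldif):
    """Single-valued view of one LDIF entry (last value wins)."""
    return dict(line.split(": ", 1) for line in ldif.splitlines() if ": " in line)

def change_required(attrs, today):
    """Simplified shadow ageing rule: 0 forces a change, shadowMax expires one."""
    if "shadowLastChange" not in attrs:
        return False  # no ageing data, nothing is forced
    last = int(attrs["shadowLastChange"])
    if last == 0:
        return True
    max_age = int(attrs.get("shadowMax", -1))
    return max_age != -1 and (today - EPOCH).days - last > max_age

def after_change_ldif(dn, today):
    """Modify written after the new password is set, ending the forced change."""
    return (f"dn: {dn}\nchangetype: modify\nreplace: shadowLastChange\n"
            f"shadowLastChange: {(today - EPOCH).days}\n")
```

Without the self-write ACL the last modify is refused when it is made with the user's own credentials, and the account keeps being told to change its password at every login.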
