Re: [Freeipa-users] Force to change password in first login

2013-10-08 Thread Rodney L. Mercer
I've used this to extend the password expiration. It should work for
setting an expired password expiration. You have to hit enter twice
after the krbPasswordExpiration: 2013100800Z line.

# ldapmodify -x -D 'cn=Directory Manager' -W
 Enter LDAP Password:
 dn: uid=username,cn=users,cn=accounts,dc=example,dc=com
 changetype: modify
 replace: krbPasswordExpiration
 krbPasswordExpiration: 2013100800Z


modifying entry
uid=username,cn=users,cn=accounts,dc=example,dc=com

ctrl-d



On Tue, 2013-10-08 at 11:51 -0500, cbul...@gmail.com wrote:
 Hi All,
 
 I created a script to add users to freeipa using ldapadd command and it
 works great. Now I want to forcibly change the password in the first
 user login. What attribute do I have to change to accomplish this?
 
 Thanks!
 
 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users
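
A non-interactive form of the krbPasswordExpiration change described in the message above, as an added example that is not part of the original thread. The function names are hypothetical, and the uid, host name and base DN are the placeholders already used in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical;
# "username", "ipaserver" and dc=example,dc=com are placeholders.
LC_ALL=C; export LC_ALL   # make the [a-z] range below mean ASCII only

# Current UTC time as LDAP GeneralizedTime. Any value that is not in the
# future marks the password as expired, so the next login must change it.
gen_time_now() {
    date -u +%Y%m%d%H%M%SZ
}

# Accept only conservative login names, so input from a provisioning script
# cannot add DN components or extra LDIF lines (no ',', '=', space, newline).
valid_uid() {
    case "$1" in
        ''|*[!a-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print one modify record. $1 = uid, $2 = base DN (trusted admin setting),
# $3 = GeneralizedTime such as 2013100800Z or 20131008000000Z.
expire_ldif() {
    valid_uid "$1" || { echo "rejected uid" >&2; return 1; }
    ts_digits=${3%Z}
    [ "$ts_digits" != "$3" ] || { echo "timestamp must end in Z" >&2; return 1; }
    case "$ts_digits" in
        ''|*[!0-9]*) echo "timestamp must be digits" >&2; return 1 ;;
    esac
    case "${#ts_digits}" in
        10|12|14) ;;
        *) echo "timestamp length" >&2; return 1 ;;
    esac
    printf 'dn: uid=%s,cn=users,cn=accounts,%s\n' "$1" "$2"
    printf 'changetype: modify\nreplace: krbPasswordExpiration\n'
    printf 'krbPasswordExpiration: %s\n\n' "$3"
}

# Constructed sample run: print the record for the placeholder user.
expire_ldif username dc=example,dc=com "$(gen_time_now)"

# To apply, pipe the record into ldapmodify. -W prompts for the bind password
# instead of putting it on the command line (-w), and -ZZ requires StartTLS
# so the simple bind is not sent in the clear:
#   expire_ldif username dc=example,dc=com "$(gen_time_now)" |
#       ldapmodify -x -ZZ -H ldap://ipaserver -D 'cn=Directory Manager' -W
```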



Re: [Freeipa-users] Force to change password in first login

2013-10-08 Thread cbul...@gmail.com
Rodney,

Thanks!...I forgot it totally...

Let me ask you about modifying the password using the ldapmodify command. I
tried changing the userPassword attribute with {MD5} encryption and it did
not work.

ldapmodify -x -H ldap://ipaserver -D "cn=directory manager" -w 'password' <<EOF
changetype: modify
replace: userPassword
userPassword: {MD5}QvdJref54ZW/R183pEyvyw==
EOF

Do I need to modify another attribute?...any clue?

Thanks in advance!





Re: [Freeipa-users] Force to change password in first login

2013-10-08 Thread Rodney L. Mercer
I've used grub-md5-crypt to create a password for an openldap server and
used this format:
# grub-md5-crypt 
Password: 
Retype password: 
$1$mGzMO1$zF/c9QxKV.ZZXwlvyR8UO1

Here is the ldif that I used to modify the entry on the openldap server:

# cat usermod.ldif
dn: uid=username,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {crypt}$1$mGzMO1$zF/c9QxKV.ZZXwlvyR8UO1


I'm not sure if this will work for the directory server that IPA uses?

Worth a shot I suppose.

Rodney.





Re: [Freeipa-users] Force to change password in first login

2013-10-08 Thread Rob Crittenden

Rodney L. Mercer wrote:
 I've used grub-md5-crypt to create a password for an openldap server and
 used this format:
 # grub-md5-crypt
 Password:
 Retype password:
 $1$mGzMO1$zF/c9QxKV.ZZXwlvyR8UO1

 Here is the ldif that I used to modify the entry on the openldap server:

 # cat usermod.ldif
 dn: uid=username,cn=users,cn=accounts,dc=example,dc=com
 changetype: modify
 replace: userPassword
 userPassword: {crypt}$1$mGzMO1$zF/c9QxKV.ZZXwlvyR8UO1


 I'm not sure if this will work for the directory server that IPA uses?

 Worth a shot I suppose.


crypt will work. Or you can pass it in the clear and it will encrypt it 
for you using the default password scheme, SSHA1 IIRC.


rob





Re: [Freeipa-users] Force to change password in first login

2013-10-08 Thread cbul...@gmail.com
Thanks Rob and Rodney!

Your recommendations worked.


