How To Change A User's Password So It Is Expired At First Logon With CA LDAP?


Article ID: 17701


Updated On:


CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA-24X7 High-Availability Manager for DB2 for z/OS CA-Batch Processor Compile QQF CA Data Compressor for DB2 for z/OS Data Navigator for DB2 UDB for z/OS CA-DB Delivery for DB2 CA Unicenter NSM CA Log Compress DBA for DB2 Guide Online CA InfoRefiner Advantage InfoRefiner Advantage InfoRefiner Maint Upgrade CA InfoTransport Advantage InfoTransport Maint Upgrade Online Reorg for DB2 for z/OS CA RC/Update for DB2 for z/OS Query Analyzer RI Editor for DB2 for z/OS DB2 TOOLS- DATABASE MISC CA PanApt CA PanAudit CA Top Secret CA Top Secret - LDAP



How can CA LDAP be used to change a user's password so that it is expired at first logon, forcing the user to replace it with a new one?


With CA LDAP you can change a user's password and have it expired, just as with the native TSS commands below:

TSS REP(#acid) PASSWORD(#password,,EXP) or

TSS REP(#acid) PASSWORD(#password,15,EXP) also to replace the password interval.

Use the ldapmodify command with the -f option to point to an LDIF file defined as follows:

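LDIF File (the "Top Of Data" and "End Of Data" lines are editor display markers, not part of the file; a line containing only a hyphen separates the two changes):

 *** Top Of Data ***
 dn: tssacid=myacid,tssadmingrp=acids,host=yourHost,o=ca,c=us
 changetype: modify
 replace: userPassword
 userPassword: USRPWD10
 -
 replace: ExpireNow
 ExpireNow: Y
 *** End Of Data ***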

If you want to change the password interval, append the following to the end of that LDIF file (the leading hyphen line separates it from the preceding change):

 -
 replace: userPassword-Interval
 userPassword-Interval: 15

Below is an example of the ldapmodify command syntax:

./ldapmodify -x -D cn=ADMIN -w ADMINPASS -v -H ldaps:// -ZZ -f ldiffile
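
An added example, not part of the original article and not CA's code: a shell helper that generates the modify record described above, rejects values that would inject extra LDIF lines, and keeps the cleartext password in an owner-only temporary file that is deleted afterwards. The function names, the `LDAP_URL` variable, the availability of `mktemp`, and an ldapmodify that accepts OpenLDAP's `-W` (prompt for the bind password) are assumptions.

```shell
#!/bin/sh
# Added example (assumption-labelled; not CA's code).

# build_expire_ldif DN PASSWORD [INTERVAL]
# Prints the LDIF modify record on stdout; returns non-zero on unsafe input.
build_expire_ldif() {
    dn=$1 pw=$2 interval=${3:-}
    # Refuse empty values and anything LDIF would misparse or that could add
    # lines to the record: control characters (including newlines), a leading
    # space, ':' or '<', or a trailing space.
    for v in "$dn" "$pw"; do
        case $v in
            ''|*[[:cntrl:]]*|' '*|':'*|'<'*|*' ') return 1 ;;
        esac
    done
    # The interval, when given, must be digits only.
    case $interval in *[!0-9]*) return 1 ;; esac

    printf 'dn: %s\nchangetype: modify\n' "$dn"
    printf 'replace: userPassword\nuserPassword: %s\n-\n' "$pw"
    printf 'replace: ExpireNow\nExpireNow: Y\n-\n'
    if [ -n "$interval" ]; then
        printf 'replace: userPassword-Interval\nuserPassword-Interval: %s\n-\n' "$interval"
    fi
}

# expire_password DN PASSWORD [INTERVAL]
# Assumes LDAP_URL is set by the caller (the article's URL is not shown in full).
# -x, -D, -v, -H and -f are taken from the article's command; -W replaces
# -w ADMINPASS so the bind password is prompted for rather than typed on the
# command line, where other users could see it in the process list.
expire_password() {
    (
        umask 077                      # temp file readable by the owner only
        f=$(mktemp) || exit 1
        trap 'rm -f "$f"' EXIT         # remove the cleartext password file on exit
        build_expire_ldif "$@" > "$f" || exit 1
        ldapmodify -x -D cn=ADMIN -W -v -H "$LDAP_URL" -f "$f"
    )
}
```

Example call: `LDAP_URL=... expire_password "tssacid=myacid,tssadmingrp=acids,host=yourHost,o=ca,c=us" USRPWD10 15`.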

The following URL has more information about the LDIF file:


Component: TSSLDP