Description:
How to use CA-LDAP to change a user's password so that it is expired at first logon, forcing the user to replace it with a new one?
Solution:
With CA-LDAP you can change a user's password and have it expire immediately, equivalent to the native TSS commands below:
TSS REP(#acid) PASSWORD(#password,,EXP) or
TSS REP(#acid) PASSWORD(#password,15,EXP) to also replace the password interval.
Use the ldapmodify command with option -f to point to an LDIF file defined as follows:
LDIF File:
dn: tssacid=myacid,tssadmingrp=acids,host=yourHost,o=ca,c=us
changetype: modify
replace: userPassword
userPassword: USRPWD10
-
replace: ExpireNow
ExpireNow: Y
If you want to change the password interval as well, append the following modification to that LDIF file:
-
replace: userPassword-Interval
userPassword-Interval: 15
Below is an example of the ldapmodify command syntax:
./ldapmodify -x -D cn=ADMIN -w ADMINPASS -v -H ldaps://xxxxxx.xxxxxxxx.com:636 -ZZ -f ldiffile
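As an added example (not part of the original article or of CA-LDAP itself), the Python helper below generates the same LDIF change record for a given ACID, host, password and optional interval. The DN pattern and attribute names are taken from the article; the base64 handling for values that RFC 2849 does not allow in clear text (leading space, colon or "<", non-ASCII bytes) is the helper's own addition.

```python
import base64

# DN pattern from the article; acid and host are filled in by the caller.
DN_TEMPLATE = "tssacid={acid},tssadmingrp=acids,host={host},o=ca,c=us"

# RFC 2849 SAFE-INIT-CHAR / SAFE-CHAR: ASCII only, no NUL, LF, CR;
# the first byte additionally may not be SPACE, ':' or '<'.
_SAFE_REST = set(range(0x01, 0x80)) - {0x0A, 0x0D}
_SAFE_INIT = _SAFE_REST - {0x20, 0x3A, 0x3C}


def ldif_attr(name, value):
    """Format one 'name: value' line, switching to 'name:: base64' when the
    value contains characters LDIF cannot carry in clear (e.g. a password
    that starts with a space or colon, or contains non-ASCII characters)."""
    data = value.encode("utf-8")
    safe = (
        bool(data)
        and data[0] in _SAFE_INIT
        and all(b in _SAFE_REST for b in data[1:])
        and not data.endswith(b" ")  # trailing space is legal but fragile
    )
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(data).decode('ascii')}"


def build_expire_ldif(acid, host, password, interval=None):
    """Return the LDIF modify record that sets a new password, marks it
    expired so it must be changed at first logon (ExpireNow: Y) and,
    when interval is given, replaces the password interval as well."""
    lines = [
        "dn: " + DN_TEMPLATE.format(acid=acid, host=host),
        "changetype: modify",
        "replace: userPassword",
        ldif_attr("userPassword", password),
        "-",
        "replace: ExpireNow",
        "ExpireNow: Y",
    ]
    if interval is not None:
        if int(interval) <= 0:
            raise ValueError("password interval must be a positive integer")
        lines += ["-", "replace: userPassword-Interval",
                  f"userPassword-Interval: {int(interval)}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample values; write the result to a file for ldapmodify -f.
    print(build_expire_ldif("myacid", "yourHost", "USRPWD10", interval=15))
```

Save the output to a file and pass it to ldapmodify with -f exactly as in the command above.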
The following URL has more information about the LDIF file format:
http://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format