ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How To Change A User's Password So It Is Expired At First Logon With CA LDAP?

book

Article ID: 17701

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC 24X7 High-Availability Manager for DB2 for z/OS Batch Processor Compile QQF Data Compressor for DB2 for z/OS CA Unicenter NSM RC/Update for DB2 for z/OS DB2 TOOLS- DATABASE MISC PanApt PanAudit Top Secret Top Secret - LDAP

Issue/Introduction

Description:

How to use CA-LDAP to change a user;s password so it is expired at first logon to force the user to replace it with a new one?

Solution:

With CA-LDAP you can change a user's password and have it expired like with the native TSS commands below:

TSS REP(#acid) PASSWORD(#password,,EXP) or

TSS REP(#acid) PASSWORD(#password,15,EXP) also to replace the password interval.

Use the ldapmodify command with option -f to point to an ldif file defined as follows:

LDIF File: 


 *** Top Of Data ***       
 dn: tssacid=myacid,tssadmingrp=acids,host=yourHost,o=ca,c=us 
 changetype: modify
 replace: userPassword
 userPassword: USRPWD10
 -
 replace: ExpireNow
 ExpireNow: Y
 *** End Of Data ***

If you want to change the password interval, include the following in that ldif file: 


 ***       
 - 
 replace: userPassword-Interval
 userPassword-Interval: 15
 ***

Below is an example of the ldapmodify command syntax:

./ldapmodify -x -D cn=ADMIN -w ADMINPASS -v -H ldaps://xxxxxx.xxxxxxxx.com:636 -ZZ -f ldiffile

The following url has more information about the ldif file:

http://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format

Environment

Release:
Component: TSSLDP
Powered by Wolken Software