How To Change A Top Secret User's Password So It Is Expired At First Logon With Broadcom LDAP

Article ID: 17701

Products

Top Secret
Top Secret - LDAP

Issue/Introduction

How can Broadcom's LDAP server be used to change a Top Secret user's password so it is expired at first logon and to force the user to replace it with a new one?

Environment

Component: TSSLDP

Resolution

With Broadcom's LDAP server you can change a Top Secret user's password and have it expired immediately, which is the equivalent of the native TSS command:

TSS REP(#acid) PASSWORD(#password,,EXP)

or, to also replace the password interval:

TSS REP(#acid) PASSWORD(#password,15,EXP)

Use the ldapmodify command with the -f option to point to an LDIF file defined as follows:

LDIF File:

 *** Top Of Data ***
 dn: tssacid=myacid,tssadmingrp=acids,host=yourHost,o=ca,c=us
 changetype: modify
 replace: userPassword
 userPassword: xxxxxxxx
 -
 replace: ExpireNow
 ExpireNow: Y
 *** End Of Data ***

 

If you also want to change the password interval, add the following to that LDIF file:

 ***
 -
 replace: userPassword-Interval
 userPassword-Interval: 15
 ***

 

Below is an example of the ldapmodify command syntax:

./ldapmodify -x -D cn=ADMIN -w ADMINPASS -v -H ldaps://xxxxxx.xxxxxxxx.com:port -ZZ -f ldiffile
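
The LDIF file described above can be generated instead of hand-edited, with the optional interval clause placed after its own "-" separator. The following shell functions are an added example, not Broadcom code: the function names and the input checks are assumptions, and the DN layout is copied from the article's sample.

```shell
#!/bin/sh
# Added example, not Broadcom code. Function names and the input checks are
# assumptions; the DN layout is copied from the article's sample LDIF.

# make_expire_ldif ACID HOST PASSWORD [INTERVAL]  -> LDIF on stdout
make_expire_ldif() {
    acid=$1; host=$2; pw=$3; interval=${4:-}
    nl='
'
    # Conservative allow-lists so a value cannot alter the DN or add LDIF lines.
    case $acid in
        ''|?????????*|*[!A-Za-z0-9#@\$]*) echo "invalid ACID" >&2; return 1 ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9._-]*) echo "invalid host" >&2; return 1 ;;
    esac
    # Values that plain "attr: value" LDIF cannot carry (they need base64).
    case $pw in
        ''|*"$nl"*|' '*|:*|'<'*|*' ') echo "unsupported password" >&2; return 1 ;;
    esac
    case $interval in
        *[!0-9]*) echo "interval must be numeric" >&2; return 1 ;;
    esac
    # No leading blanks: in LDIF a line that starts with a space continues
    # the previous line. Each "-" separator must be alone on its line.
    printf 'dn: tssacid=%s,tssadmingrp=acids,host=%s,o=ca,c=us\n' "$acid" "$host"
    printf '%s\n' 'changetype: modify' 'replace: userPassword'
    printf 'userPassword: %s\n' "$pw"
    printf '%s\n' '-' 'replace: ExpireNow' 'ExpireNow: Y'
    if [ -n "$interval" ]; then
        printf '%s\n' '-' 'replace: userPassword-Interval'
        printf 'userPassword-Interval: %s\n' "$interval"
    fi
}

# write_expire_ldif FILE ACID HOST PASSWORD [INTERVAL]
# The file holds the new password in clear text, so create it owner-only.
write_expire_ldif() {
    out=$1; shift
    ( umask 077; rm -f "$out"; make_expire_ldif "$@" > "$out" ) ||
        { rm -f "$out"; return 1; }
}
```

Delete the generated file once ldapmodify -f has processed it, since it contains the new password in clear text.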