Difference Between LDAP Fields "userPassword-Expire" and "ExpireNow"
search cancel

Difference Between LDAP Fields "userPassword-Expire" and "ExpireNow"

book

Article ID: 48604

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC 24X7 High-Availability Manager for DB2 for z/OS Batch Processor Compile QQF Data Compressor for DB2 for z/OS CA Unicenter NSM RC/Update for DB2 for z/OS DB2 TOOLS- DATABASE MISC PanApt PanAudit Top Secret Top Secret - LDAP

Issue/Introduction

What are the differences between LDAP fields/attributes like "userPassword-Expire" and "ExpireNow". How do you use these?

Environment

Release:
Component: LDAPDV

Resolution

"userPassword-Expire" is a non updatable field. It contains the date of password expiration and it can be modified by administrator thru the change of password expiration interval or adding a new password and expire it at first logon.

To expire a new password when creating an acid use attribute :

"ExpireNow: Y"

"userPassword-Expire" must not be coded.

Here it an example of ldapmodify command and its ldif file to create a new acid with an expired password:

ldapmodify -c -h YourHostName -p 389 -D cn=Admin -w password -x -f Your.ldif

YourHostName is your TCPIP name of your Host.
389 is the default port, use yours.
Admin is the administrator acid.
Your.ldif is your ldif file which contains what follows between the Top and End boundaries.

*** Top Of Ldif ****
version: 1
dn:tssacid=\#00002,tssadmingrp=acids,host=usi252me,o=ca,c=us
changetype: add
objectClass: tssacid
Name:DEFAULT USER 2
tssacid:#00002
User-Type:USER
Department:D112
userPassword:000002
ExpireNow:Y
*** End Of Ldif ****

Powered by Wolken Software