What are the differences between LDAP fields/attributes like "userPassword-Expire" and "ExpireNow"? How do you use these?
"userPassword-Expire" is a non-updatable field. It contains the password expiration date, and an administrator can modify it by changing the password expiration interval or by adding a new password and expiring it at first logon.
To expire a new password when creating an acid, use the attribute:
"ExpireNow: Y"
"userPassword-Expire" must not be coded.
Here is an example of an ldapmodify command and its ldif file to create a new acid with an expired password:
ldapmodify -c -h YourHostName -p 389 -D cn=Admin -w password -x -f Your.ldif
YourHostName is the TCP/IP name of your host.
389 is the default port, use yours.
Admin is the administrator acid.
Your.ldif is your ldif file which contains what follows between the Top and End boundaries.
*** Top Of Ldif ****
version: 1
dn:tssacid=\#00002,tssadmingrp=acids,host=usi252me,o=ca,c=us
changetype: add
objectClass: tssacid
Name:DEFAULT USER 2
tssacid:#00002
User-Type:USER
Department:D112
userPassword:000002
ExpireNow:Y
*** End Of Ldif ****
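The two rules above can be checked before an ldif file is passed to ldapmodify. The following is an added example, not part of the original article or of any product: check_ldif, parse_records and the second sample record are constructed for illustration, and treating a new password without "ExpireNow: Y" as a finding is this example's own policy.

```python
import re

def parse_records(text):
    """Yield each LDIF record as {attribute name (lowercased): [values]}."""
    text = re.sub(r"\r?\n ", "", text)           # unfold continuation lines
    for block in re.split(r"\n\s*\n", text):     # a blank line separates records
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:  # comment or boundary text
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if attrs:
            yield attrs

def check_ldif(text):
    """Return (dn, problem) pairs for 'changetype: add' records that break a rule."""
    findings = []
    for attrs in parse_records(text):
        if attrs.get("changetype", [""])[0].lower() != "add":
            continue                             # only new entries are checked
        dn = attrs.get("dn", ["<no dn>"])[0]
        if "userpassword-expire" in attrs:       # non-updatable, must not be coded
            findings.append((dn, "userPassword-Expire is coded"))
        flags = [v.upper() for v in attrs.get("expirenow", [])]
        if "userpassword" in attrs and "Y" not in flags:
            findings.append((dn, "userPassword set without ExpireNow: Y"))
    return findings

# Sample input: the first record follows the article's ldif; the second is
# constructed (placeholder dn and values) and breaks both rules.
SAMPLE = r"""version: 1
dn:tssacid=\#00002,tssadmingrp=acids,host=usi252me,o=ca,c=us
changetype: add
objectClass: tssacid
userPassword:000002
ExpireNow:Y

dn: tssacid=EXAMPLE1,tssadmingrp=acids,host=example,o=ca,c=us
changetype: add
objectClass: tssacid
userPassword: placeholder
userPassword-Expire: placeholder
"""

if __name__ == "__main__":
    for dn, problem in check_ldif(SAMPLE):
        print(f"{dn}: {problem}")
```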