How To Create New Acid with an Expired Password?

book

Article ID: 48604

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA-24X7 High-Availability Manager for DB2 for z/OS CA-Batch Processor Compile QQF CA Data Compressor for DB2 for z/OS Data Navigator for DB2 UDB for z/OS CA-DB Delivery for DB2 CA Unicenter NSM CA Log Compress DBA for DB2 Guide Online CA InfoRefiner Advantage InfoRefiner Advantage InfoRefiner Maint Upgrade CA InfoTransport Advantage InfoTransport Maint Upgrade Online Reorg for DB2 for z/OS CA RC/Update for DB2 for z/OS Query Analyzer RI Editor for DB2 for z/OS DB2 TOOLS- DATABASE MISC CA PanApt CA PanAudit CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Description:

We are mixing up some fields and attributes like "userPassword-Expire" and "ExpireNow".

What are the difference between them both?
How can we use it?

Solution:

"userPassword-Expire" is a non updatable field. It contains the date of password expiration and it can be modified by administrator thru the change of password expiration interval or adding a new password and expire it at first logon.

To expire a new password when creating an acid use attribute :

"ExpireNow: Y"

"userPassword-Expire" must not be coded.

Here it an example of ldapmodify command and its ldif file to create a new acid with an expired password:

ldapmodify -c -h YourHostName -p 389 -D cn=Admin -w password -x -f Your.ldif

YourHostName is your TCPIP name of your Host.
389 is the default port, use yours.
Admin is the administrator acid.
Your.ldif is your ldif file which contains what follows between the Top and End boundaries.

*** Top Of Ldif ****
version: 1
dn:tssacid=\#00002,tssadmingrp=acids,host=usi252me,o=ca,c=us
changetype: add
objectClass: tssacid
Name:DEFAULT USER 2
tssacid:#00002
User-Type:USER
Department:D112
userPassword:000002
ExpireNow:Y
*** End Of Ldif ****

Environment

Release:
Component: LDAPDV