I did lots of RTFM but I am not able to change passwords of users after first login.
I was using the ppolicy overlay.
My ppolicy file:
dn: cn=basicPwdPolicy,dc=avaya,dc=com
cn: basicPwdPolicy
objectClass: device
objectClass: pwdPolicy
objectClass: top
pwdMustChange: TRUE
pwdReset: TRUE
pwdMaxAge: 600
pwdAttribute: 2.5.4.35
While adding the users to the system I added the following attributes to the users' LDIF file:
pwdMustChange: TRUE
pwdReset: TRUE
But still, when I tried to log the user into the system, it was giving the following error:
pwdReset true Access denied
However, I am able to change the password of that user using the passwd command, and that user is then able to log into the system.
I sent a mail to the OpenLDAP mailing list. I got a reply that after adding the user I should use ldapmodify to make the above policy work. But sadly this also did not work.
So I dug into the LDAP documentation again to achieve this.
I found some interesting attributes :)
While adding a user to LDAP, add the following entries to the user's LDIF file:
objectClass: shadowAccount
shadowLastChange: 1
shadowWarning: 7
shadowMin: 0
shadowMax: 1
The attribute shadowLastChange: 1 causes the password to expire after first login.
If you do not want the password to be changed after first login, set its value to 13833.
If you want passwords to expire after a specific number of days, set shadowMax to the respective value.
Gosh, finally I am able to expire the passwords :)
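The shadow attributes above count in days since 1 January 1970, so the effect of a given shadowLastChange value can be worked out directly. The following Python sketch is an added example, not part of the original post and not the code of any LDAP or PAM client: it applies a simplified form of that aging arithmetic to a constructed entry (the dn is a placeholder and the function names are made up for illustration).

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample entry: shadow attributes from the post, placeholder dn.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: shadowAccount
shadowLastChange: 1
shadowWarning: 7
shadowMin: 0
shadowMax: 1
"""

def parse_shadow(ldif):
    """Return the integer shadow* attributes of a single LDIF entry."""
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.startswith("shadow"):
            attrs[name] = int(value.strip())
    return attrs

def day_number(d):
    """Days since 1970-01-01, the unit used by shadowLastChange."""
    return (d - EPOCH).days

def aging_state(attrs, today):
    """Simplified shadow aging check; `today` is a day number."""
    last = attrs.get("shadowLastChange", -1)
    max_age = attrs.get("shadowMax", -1)
    warn = attrs.get("shadowWarning", -1)
    if last == 0:
        return "change-required"      # 0 means "change at next login"
    if last < 0 or max_age < 0:
        return "no-aging"             # aging not configured
    age = today - last
    if age > max_age:
        return "change-required"      # older than shadowMax days
    if warn >= 0 and age > max_age - warn:
        return "warning"              # inside the shadowWarning window
    return "ok"

if __name__ == "__main__":
    attrs = parse_shadow(SAMPLE_LDIF)
    today = day_number(date.today())
    print("today is day", today, "->", aging_state(attrs, today))
    print("day 13833 is", EPOCH + timedelta(days=13833))
```

Day 13833 corresponds to 16 November 2007; with shadowMax: 1 and shadowWarning: 7, an entry stamped with that value is already inside its warning window on the same day.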
