Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

28.5. Changing Password Expiration Date with Immediate Effect

IdM applies the password policy rules when an existing password changes or when a user enters a new password. See Section 28.4, “Modifying Password Policy Attributes”.
To enforce an immediate change of the expiration date of a user password, reset the krbPasswordExpiration attribute value in LDAP. For example, for a single user:
  1. Use the ldapmodify utility: 
    # ldapmodify -D "cn=Directory Manager" -w secret -h server.example.com -p 389 -vv

dn: uid=user_name,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: krbPasswordExpiration
krbPasswordExpiration: 20160203203734Z
    The krbPasswordExpiration format follows this template:
    • Year (2016)
    • Month (02)
    • Day (03)
    • Current time in hours, minutes, and seconds (20:37:34)
    • Time zone (Z)
  2. Press Ctrl+D to confirm and send the changes to the server.
To edit multiple entries at once, use the -f option with ldapmodify to reference an LDIF file.