28.5. Changing Password Expiration Date with Immediate Effect
IdM applies the password policy rules when an existing password changes or when a user enters a new password. See Section 28.4, “Modifying Password Policy Attributes”.
To enforce an immediate change of the expiration date of a user password, reset the krbPasswordExpiration attribute value in LDAP. For example, for a single user:
- Use the ldapmodify utility:

    # ldapmodify -D "cn=Directory Manager" -w secret -h server.example.com -p 389 -vv
    dn: uid=user_name,cn=users,cn=accounts,dc=example,dc=com
    changetype: modify
    replace: krbPasswordExpiration
    krbPasswordExpiration: 20160203203734Z

  The krbPasswordExpiration format follows this template:
    - Year (2016)
    - Month (02)
    - Day (03)
    - Current time in hours, minutes, and seconds (20:37:34)
    - Time zone (Z)
- Press Ctrl+D to confirm and send the changes to the server.
To edit multiple entries at once, use the -f option with ldapmodify to reference an LDIF file.
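
The multi-entry case above, as an added example that is not part of the original documentation: a small shell helper that writes one modify record per user in the krbPasswordExpiration format described earlier. The function names, the file name expire.ldif and the user names are assumptions of this example, and it prompts for the bind password with -W rather than passing it with -w.

```shell
#!/bin/sh
# Added example: build one LDIF modify record per user for ldapmodify -f.
# SUFFIX matches the page's example tree; the user names are constructed.
SUFFIX="cn=users,cn=accounts,dc=example,dc=com"

# Current UTC time in the YYYYMMDDhhmmssZ form shown on the page.
now_generalized_time() {
    date -u +%Y%m%d%H%M%SZ
}

# make_expiry_ldif TIMESTAMP USER...
# Prints the LDIF on stdout; returns 1 and prints nothing on malformed input.
make_expiry_ldif() {
    [ $# -ge 2 ] || { echo "usage: make_expiry_ldif TIMESTAMP USER..." >&2; return 1; }
    ts=$1; shift
    digits=${ts%Z}
    # Require exactly 14 digits followed by Z, as in 20160203203734Z.
    if [ "$digits" = "$ts" ] || [ "${#digits}" -ne 14 ]; then
        echo "bad timestamp: $ts" >&2; return 1
    fi
    case $digits in *[!0-9]*) echo "bad timestamp: $ts" >&2; return 1 ;; esac
    # Check every name first: a comma, space or newline would alter the DN
    # or the record, so reject it before any output is produced.
    for uid in "$@"; do
        case $uid in
            ''|*[!A-Za-z0-9._-]*) echo "bad user name: $uid" >&2; return 1 ;;
        esac
    done
    for uid in "$@"; do
        printf 'dn: uid=%s,%s\n' "$uid" "$SUFFIX"
        printf 'changetype: modify\n'
        printf 'replace: krbPasswordExpiration\n'
        printf 'krbPasswordExpiration: %s\n\n' "$ts"
    done
}

# Usage (constructed user names), expiring three passwords now:
#   make_expiry_ldif "$(now_generalized_time)" alice bob carol > expire.ldif
# Then apply with the page's connection options; -W prompts for the bind
# password so it does not land in shell history or the process list:
#   ldapmodify -D "cn=Directory Manager" -W -h server.example.com -p 389 -f expire.ldif
```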