Re: Allow User to Change Expired Password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Aaron,
I'm not sure what version of 389 you are using but it works for me on the latest version if I enable grace logins.  Here are my settings: 

cn=config
...
passwordChange: on
passwordGraceLimit: 2
passwordExp: on
passwordMaxAge: 30
$ ldapmodify -H ldap://localhost:389 -D "cn=mark,ou=people,dc=example,dc=com" -w password 
control: 2.16.840.1.113730.3.4.4 false MA==
# PasswordExpired control
dn: cn=mark,ou=people,dc=example,dc=com
changetype: modify
replace: userpassword
userpassword: Secret123

modifying entry "cn=mark,ou=people,dc=example,dc=com"


HTH,

Mark

On 11/8/23 9:55 AM, Aaron Enders wrote:

Hello,

Question: Is there a way to allow users to change their password if the password has already expired?

I've been fighting this issue for months now and havn't found a resolution. My users are able to change their password if it is not expired however once expired even in the Grace login period they are unable to change due to anonomus binds not allowed. Is there an ACI that would apply here? My problem is I use a VPN solution which only allerts the users the password is expiring however they do not have a way to change.

Thanks
Aaron
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue


--
Identity Management Development Team
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux