Fedora Info: [389-users] Re: Allow User to Change Expired Password

Wednesday, November 8, 2023

[389-users] Re: Allow User to Change Expired Password

Hi Aaron,

I'm not sure what version of 389 you are using but it works for me on
the latest version if I enable grace logins. Here are my settings:

cn=config
...
passwordChange: on
passwordGraceLimit: 2
passwordExp: on
passwordMaxAge: 30

$ ldapmodify -H ldap://localhost:389 -D
"cn=mark,ou=people,dc=example,dc=com" -w password
control: 2.16.840.1.113730.3.4.4 false MA==
# PasswordExpired control
dn: cn=mark,ou=people,dc=example,dc=com
changetype: modify
replace: userpassword
userpassword: Secret123

modifying entry "cn=mark,ou=people,dc=example,dc=com"

HTH,

Mark

On 11/8/23 9:55 AM, Aaron Enders wrote:
> Hello,
>
> Question: Is there a way to allow users to change their password if the password has already expired?
>
> I've been fighting this issue for months now and havn't found a resolution. My users are able to change their password if it is not expired however once expired even in the Grace login period they are unable to change due to anonomus binds not allowed. Is there an ACI that would apply here? My problem is I use a VPN solution which only allerts the users the password is expiring however they do not have a way to change.
>
> Thanks
> Aaron
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

--
Identity Management Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)