Hi,
I saw another solution for your problem - you can define a user as "passSyncManager". Then that particular user will be able to set passwords for other users without having them immediately expired. This is especially handy when you have periodic synchronization with some external account management system, from which you get passwords.
This was described here, but I think it was removed from later versions of RHEL documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/htm...
Anyway, I tested it, and I think it worked... maybe one day it stopped working (or will stop). Example:
```
# ldapmodify -x -D "cn=Directory Manager" -W
Enter LDAP Password:
dn: cn=ipa_pwd_extop,cn=plugins,cn=config
changetype: modify
add: passSyncManagersDNs
passSyncManagersDNs: uid=ext-provisioner,cn=users,cn=accounts,dc=ims,dc=telekom,dc=de
```
-- Regards, Dmitry Perets.
"The more one knows, the less opinions he shares" -- Wilhelm Schwebel
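As an added example (not from the original messages or from the FreeIPA project), a shell check for reviewing which DNs hold this exemption: it parses `ldapsearch` output for `passSyncManagersDNs`, handling folded lines and base64-encoded values, and compares the result with an allowlist file. The function names, the allowlist file and the `example.test` DNs are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit which DNs are listed in passSyncManagersDNs.
# Live input (bind as Directory Manager, as in the message above):
#   ldapsearch -LLL -x -D "cn=Directory Manager" -W -s base \
#     -b "cn=ipa_pwd_extop,cn=plugins,cn=config" passSyncManagersDNs

# Constructed sample of that output. The first DN is the one from the page;
# the other two are made up. Note the folded line and the base64 (::) value.
sample_ldif() {
    cat <<'EOF'
dn: cn=ipa_pwd_extop,cn=plugins,cn=config
passSyncManagersDNs: uid=ext-provisioner,cn=users,cn=accounts,dc=ims,dc=telek
 om,dc=de
passsyncmanagersdns: uid=helpdesk,cn=users,cn=accounts,dc=example,dc=test
passSyncManagersDNs:: dWlkPXgsZGM9ZXhhbXBsZSxkYz10ZXN0
EOF
}

# Read LDIF on stdin, print one passSyncManagersDNs value per line.
# Assumes ldapsearch formatting ("attr: value" / "attr:: base64").
list_passsync_managers() {
    awk '/^ / { buf = buf substr($0, 2); next }      # unfold continuation
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' |
    while IFS= read -r line; do
        case "$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')" in
            passsyncmanagersdns::*) printf '%s' "${line#*:: }" | base64 -d; echo ;;
            passsyncmanagersdns:*)  printf '%s\n' "${line#*: }" ;;
        esac
    done
}

# $1 = allowlist file, one approved DN per line. Prints every configured DN
# that is not approved and returns 1 if there is any. Comparison is a
# case-insensitive string match, not full DN normalization.
audit_passsync_managers() {
    unexpected=$(list_passsync_managers | grep -ivxFf "$1" || true)
    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected"
        return 1
    fi
    return 0
}
```

A plain `grep uid=` over the same output would miss the base64-encoded entry, which is why the values are decoded before the comparison.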
Hi Dmitry,
On 15/03/2019 12:42, Dmitry Perets via FreeIPA-users wrote:
> Hi,
> I saw another solution for your problem - you can define a user as "passSyncManager". Then that particular user will be able to set passwords for other users without having them immediately expired. This is especially handy when you have periodic synchronization with some external account management system, from which you get passwords.
> This was described here, but I think it was removed from later versions of RHEL documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/htm...
> Anyway, I tested it, and I think it worked... maybe one day it stopped working (or will stop). Example:
> ```
> # ldapmodify -x -D "cn=Directory Manager" -W
> Enter LDAP Password:
> dn: cn=ipa_pwd_extop,cn=plugins,cn=config
> changetype: modify
> add: passSyncManagersDNs
> passSyncManagersDNs: uid=ext-provisioner,cn=users,cn=accounts,dc=ims,dc=telekom,dc=de
> ```
Wanted to reply off-list, to say thank you because the above worked great! Been using it for the last week.
I am afraid they will remove the functionality if I reply on the list :)
Kind regards and best wishes,
Jelle de Jong (GNU/Linux Consultant) PowerCraft Technology I: www.powercraft.nl T: +3185 060 9913 M: +316 1218 2441
freeipa-users@lists.fedorahosted.org