Hi Dmitry,

On 15/03/2019 12:42, Dmitry Perets via FreeIPA-users wrote:

Hi,

I saw another solution for your problem - you can define a user as "passSyncManager". Then that particular user will be able to set passwords for other users without having them immediately expired. This is especially handy when you have periodic synchronization with some external account management system, from which you get passwords.

This was described here, but I think it was removed from later versions of RHEL documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/htm...

Anyway, I tested it, and I think it worked... maybe one day it stopped working (or will stop). Example:

     # ldapmodify -x -D "cn=Directory Manager" -W
     Enter LDAP Password:
     dn: cn=ipa_pwd_extop,cn=plugins,cn=config
     changetype: modify
     add: passSyncManagersDNs
     passSyncManagersDNs:
uid=ext-provisioner,cn=users,cn=accounts,dc=ims,dc=telekom,dc=de

Wanted to reply off-list, to say thank you because the above worked great! Been using it for the last week.

I am afraid they will remove the functionality if I reply on the list :)

Kind regards and best wishes,

Jelle de Jong (GNU/Linux Consultant) PowerCraft Technology I: www.powercraft.nl T: +3185 060 9913 M: +316 1218 2441