How to Reset Password Expiry in OpenLDAP
Hi,
I am trying to find how to change some password policy settings in openLDAP (on a system-wide level) level not on a per user level)such that ALL LDAP account users ie existing and new users have their passwords to expire after 90 days.
I know the main parameter that controls this is the maxPasswdAge parameter but i am not sure how to set this .I have tried different LDApmodify options
but it fails
ldapmodify -W -x -D "cn=Manager,dc=mydomain,dc=local" -f test.ldif
dn: cn=pwdpolicyentry,cn=common,cn=products,cn=OracleContext,o=my_company,dc=com
changetype: modify
replace: pwdMaxAge
pwdMaxAge: 7776000
the error messages was .. modifying entry "cn=pwdpoilicyentry,cn=common,cn=products,cn=Oraclecontext,dc=mydomain,dc=com"
ldapmodify :no such object(32)
matched DN: dc=mydomain ,dc=com
My questions are
1. Are there any alternatives to doing this ie 1. just change a setting manually somewhere in some configuration file and restart the ldap server. ?
2.Are there any service to bounce once done
3.Also i would like to set the pwdExpireWarning setting such that users are warned before their password expires
Does this need any service bounced or restarted after this change ie does ldap service need to be restarted.
I have googled this but found nothing
also on the local linux users machine on i used chage -M to reset the maximum password expiry date for users but again this comand has to run on an adhoc basis per user or maybe by writing a script to do this.Again is there a system wide level change i have made channges in /etc/login-defs but it failed with errors .
Does anything need to be set in pam files .
We are running openldap 2.3.43 on RHel 5.3
Can anyone share their experience on this please.Any help would be greatly appreciated.
|