How to “Require password change at next login” without resetting password
When you reset an user's password in macOS Server.app's Open Directory (I think it's using slapd
), you can also check the option Require password change at next login
.
The question: can you also check that option somehow without changing the password? We want to enforce a new password policy, and require all users to change their password. Probably something on the command line.
(when you change the directory password, the local password hasn't changed, so that can be a bit complicated for the end user)
mac ldap openldap
add a comment |
When you reset an user's password in macOS Server.app's Open Directory (I think it's using slapd
), you can also check the option Require password change at next login
.
The question: can you also check that option somehow without changing the password? We want to enforce a new password policy, and require all users to change their password. Probably something on the command line.
(when you change the directory password, the local password hasn't changed, so that can be a bit complicated for the end user)
mac ldap openldap
add a comment |
When you reset an user's password in macOS Server.app's Open Directory (I think it's using slapd
), you can also check the option Require password change at next login
.
The question: can you also check that option somehow without changing the password? We want to enforce a new password policy, and require all users to change their password. Probably something on the command line.
(when you change the directory password, the local password hasn't changed, so that can be a bit complicated for the end user)
mac ldap openldap
When you reset an user's password in macOS Server.app's Open Directory (I think it's using slapd
), you can also check the option Require password change at next login
.
The question: can you also check that option somehow without changing the password? We want to enforce a new password policy, and require all users to change their password. Probably something on the command line.
(when you change the directory password, the local password hasn't changed, so that can be a bit complicated for the end user)
mac ldap openldap
mac ldap openldap
asked Jan 7 at 15:07
doekmandoekman
1961719
1961719
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
The post
Cannot force password changes
has this method:
I had a similar issue (upgrading from Mavericks to Yosemite, started
on Saturday) and resolved it today by
- exporting users and groups into a text file (you can do this from within server),
- destroy the OD master,
- delete all the certs,
- restart
- create a new master
- import users from text file
- import groups
With this method, users will have to reset their passwords, but you
have all user ids, etc. preserved.
The issue stems from the way OD is relying on certificates for
authentication. When you are creating the new master, the relevant
certificates are created to support OD. Just archiving and restoring
the OD master didn't help.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391528%2fhow-to-require-password-change-at-next-login-without-resetting-password%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The post
Cannot force password changes
has this method:
I had a similar issue (upgrading from Mavericks to Yosemite, started
on Saturday) and resolved it today by
- exporting users and groups into a text file (you can do this from within server),
- destroy the OD master,
- delete all the certs,
- restart
- create a new master
- import users from text file
- import groups
With this method, users will have to reset their passwords, but you
have all user ids, etc. preserved.
The issue stems from the way OD is relying on certificates for
authentication. When you are creating the new master, the relevant
certificates are created to support OD. Just archiving and restoring
the OD master didn't help.
add a comment |
The post
Cannot force password changes
has this method:
I had a similar issue (upgrading from Mavericks to Yosemite, started
on Saturday) and resolved it today by
- exporting users and groups into a text file (you can do this from within server),
- destroy the OD master,
- delete all the certs,
- restart
- create a new master
- import users from text file
- import groups
With this method, users will have to reset their passwords, but you
have all user ids, etc. preserved.
The issue stems from the way OD is relying on certificates for
authentication. When you are creating the new master, the relevant
certificates are created to support OD. Just archiving and restoring
the OD master didn't help.
add a comment |
The post
Cannot force password changes
has this method:
I had a similar issue (upgrading from Mavericks to Yosemite, started
on Saturday) and resolved it today by
- exporting users and groups into a text file (you can do this from within server),
- destroy the OD master,
- delete all the certs,
- restart
- create a new master
- import users from text file
- import groups
With this method, users will have to reset their passwords, but you
have all user ids, etc. preserved.
The issue stems from the way OD is relying on certificates for
authentication. When you are creating the new master, the relevant
certificates are created to support OD. Just archiving and restoring
the OD master didn't help.
The post
Cannot force password changes
has this method:
I had a similar issue (upgrading from Mavericks to Yosemite, started
on Saturday) and resolved it today by
- exporting users and groups into a text file (you can do this from within server),
- destroy the OD master,
- delete all the certs,
- restart
- create a new master
- import users from text file
- import groups
With this method, users will have to reset their passwords, but you
have all user ids, etc. preserved.
The issue stems from the way OD is relying on certificates for
authentication. When you are creating the new master, the relevant
certificates are created to support OD. Just archiving and restoring
the OD master didn't help.
answered Jan 7 at 20:21
harrymcharrymc
256k14268568
256k14268568
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391528%2fhow-to-require-password-change-at-next-login-without-resetting-password%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown