Change passwordexpiry date

bbassotti · July 31, 2018, 1:01pm

hi all, for administrative reasons I need to change the expiry password date but using the command:

udm users/user modify --dn uid=dnofuser --modify passwordexpiry=2018-11-30

the output is:

value may not change.: passwordexpiry

is there any other method to shift the date?

thank you

troeder · July 31, 2018, 1:39pm

What is it you wish to achieve?

expire date for user account/login
password change policy

bbassotti · July 31, 2018, 2:01pm

expire date for user account/login

troeder · July 31, 2018, 2:31pm

udm users/user modify --dn uid=dnofuser --set userexpiry=2018-08-23

Greetings
Daniel

bbassotti · July 31, 2018, 2:35pm

no, sorry i misunderstood, i need to change the password expire policy.

thank you.

troeder · July 31, 2018, 3:18pm

See the manual: http://docs.software-univention.de/manual-4.3.html#users:passwords
Be aware, that you may have to set the password policy for Samba / Windows clients separately (section 6.3).

lapf10 · February 13, 2023, 11:06am

Hi,
Does anyone know what the name of the password expiry date parameter is?
imagem
where can i find the list of all these parameters?
thanks

jlk · February 13, 2023, 11:20am

Hello,

depends on the context (e.g. where you want to use the name). UDM-CLI will list you all attributes via --help, in this case:

$ udm users/user --help
univention-directory-manager: command line interface for managing UCS
[...]
users/user variables:
  Account:
        Locked login
                passwordexpiry (e)                       Password expiry date

( I have omitted the other attributes)

Regards
Jan-Luca

lapf10 · February 13, 2023, 12:07pm

thanks for the help and quick response.

udm users/user modify --dn "uid=xpto,ou=users,ou=abc,ou=enterprise,dc=sandbox,dc=pt,dc=corp" --set passwordexpiry=2023-02-16
it’s return
Value may not change.: passwordexpiry

why is it not possible to change this value?

jlk · February 14, 2023, 3:29pm

You are right, I got the same. However the value does change for me when I set the pwdChangeNextLogin to 1 → I guess the value may not change because it will be set by processes like this one.
As my colleague wrote some years ago userexpiry still works, furthermore you can use a password expiry policy: 4.6. Policies — Univention Corporate Server - Manual for users and administrators

lapf10 · February 14, 2023, 5:59pm

My goal is to force people to change their password at the next login, however imagine the following scenario.

user with the option to change the password checked.
The person is on vacation does not have access to the PC or univention to log in and be forced to change the password, but he will consult an email through webmail, as the email is authenticated with LDAP the person has no access to the email because from the field “password expiry date”
How can I get around this situation?

jlk · February 20, 2023, 2:04pm

I understand your problem, but I cannot give you a good way to circumvent this without thinking about it longer - I mean in the end it’s a security feature and you exactly want the user to be unable to use the old password any longer. But I can see your use case. For now I would just suggest to give the user a way to change the password remotely.