udm users/user modify --dn "uid=xpto,ou=users,ou=abc,ou=enterprise,dc=sandbox,dc=pt,dc=corp" --set passwordexpiry=2023-02-16
It returns: Value may not change.: passwordexpiry
You are right, I got the same. However the value does change for me when I set the pwdChangeNextLogin to 1 → I guess the value may not change because it will be set by processes like this one.
As my colleague wrote some years ago, userexpiry still works; furthermore, you can use a password expiry policy: 4.6. Policies — Univention Corporate Server - Manual for users and administrators
My goal is to force people to change their password at the next login; however, imagine the following scenario.
A user with the option to change the password checked.
The person is on vacation and does not have access to the PC or Univention to log in and be forced to change the password, but he will consult an email through webmail. As the email is authenticated with LDAP, the person has no access to the email because of the field “password expiry date”.
How can I get around this situation?
I understand your problem, but I cannot give you a good way to circumvent this without thinking about it longer - I mean in the end it’s a security feature and you exactly want the user to be unable to use the old password any longer. But I can see your use case. For now I would just suggest to give the user a way to change the password remotely.