[Systems] Reset Expired LDAP Password
Chihurumnaya Ibiam
ibiamchihurumnaya at gmail.com
Wed Nov 27 17:24:26 EST 2019
I've been able to reset the password with Sam's help.
--
Ibiam Chihurumnaya
ibiamchihurumnaya at gmail.com
On Wed, Nov 27, 2019 at 1:28 AM Bernie Innocenti <bernie at codewiz.org> wrote:
> On 27/11/2019 02.48, James Cameron wrote:
> > I like that theory. I've a vague memory of being in ldapvi and seeing
> > some accounts are more equal than others.
> >
> > If I knew how to convert an account from LDAP to ordinary /etc/passwd
> > style, I'd do it. We're not big enough to justify the effort on LDAP.
>
> LDAP was once useful when SL accounts were spanning multiple servers,
> but now it just adds complexity. If it were my call, I'd just stop
> creating new shell accounts altogether, since they're no longer
> necessary for development and they cause a ton of sysadmin toil (not to
> mention the security concerns).
>
> But the biggest pain point with LDAP seem to be periodic password
> expiration: that was useful to detect inactive accounts that could be
> removed, but expiring passwords is no longer common practice nowadays.
> We could easily change all expiry fields to 99999 with a search &
> replace in ldapvi. We could even delete all passwords, since they were
> only used for SMTP and IMAP.
>
> To move all users out of ldap, simply pipe the output of ldapsearch into
> an awk / perl / python one-liner which converts the records. I'd
> probably do different one-liners to produce passwd, shadow and groups.
>
> --
> _ // Bernie Innocenti
> \X/ https://codewiz.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20191127/6d2bee08/attachment.html>
More information about the Systems
mailing list