I want to change edge users default password policy for openldap
---
By default pwdMaxAge for normal users is 2592000 i.e. 30 days. Now I want to change it to 0 which means user won't expire.
---
how to do this?
Reference doc:
https://docs.apigee.com/private-cloud/v4.51.00/managing-default-ldap-password-policy-api-management#...
Solved! Go to Solution.
To answer this there are two scenarios first one is if you want make this change for a single user and second one for multiple user. I am sharing the procedure for both the cases.
1. Please follow the steps mentioned below to change the "pwdMaxAge" for all the users:
i. Create a new file called “ppchange.ldif” under “/opt/apigee/apigee-openldap/ldif”. Add the user dn line from default-pwpolicy.ldif as the first line of your ldif file. After the first line, append these lines:
changetype: modify
replace: pwdMaxAge
pwdMaxAge: <mention the time you want to change to>
Note: You can find the default-pwpolicy.ldif under the path “/opt/apigee/apigee-openldap/ldif”.
So for example, your ppchange.ldif file should look like this:
dn: cn=default,ou=pwpolicies,dc=apigee,dc=com
changetype: modify
add: pwdMaxAge
pwdMaxAge: <Number of seconds after which a user password expires>
ii. Use the below ldapmodify command to update the details.
ldapmodify -w <Ldap_Password> -D "cn=manager,dc=apigee,dc=com" -h localhost -p 10389 -f ppchange.ldif
2. If you want to change the "pwdMaxAge" for a single user please follow the steps mentioned below:
i. For each user, create a new file called ppchange-(username).ldif on your management server. Add the user dn line from ldapsearch as the first line of your ldif file. After the first line, append these lines:
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=sysadmin,ou=pwpolicies,dc=apigee,dc=com
So for example, your ppchange-(username).ldif file should look like this:
dn: uid=<uid of a user>,ou=users,ou=global,dc=apigee,dc=com
changetype: modify
add: pwdMaxAge
pwdMaxAge: <Number of seconds after which a user password expires>
ii. Lastly, execute the following ldapmodify command for each user:
ldapmodify -w <LDAP_PASSWORD> -D "cn=manager,dc=apigee,dc=com" -h localhost -p 10389 -f ppchange-(username).ldif
To answer this there are two scenarios first one is if you want make this change for a single user and second one for multiple user. I am sharing the procedure for both the cases.
1. Please follow the steps mentioned below to change the "pwdMaxAge" for all the users:
i. Create a new file called “ppchange.ldif” under “/opt/apigee/apigee-openldap/ldif”. Add the user dn line from default-pwpolicy.ldif as the first line of your ldif file. After the first line, append these lines:
changetype: modify
replace: pwdMaxAge
pwdMaxAge: <mention the time you want to change to>
Note: You can find the default-pwpolicy.ldif under the path “/opt/apigee/apigee-openldap/ldif”.
So for example, your ppchange.ldif file should look like this:
dn: cn=default,ou=pwpolicies,dc=apigee,dc=com
changetype: modify
add: pwdMaxAge
pwdMaxAge: <Number of seconds after which a user password expires>
ii. Use the below ldapmodify command to update the details.
ldapmodify -w <Ldap_Password> -D "cn=manager,dc=apigee,dc=com" -h localhost -p 10389 -f ppchange.ldif
2. If you want to change the "pwdMaxAge" for a single user please follow the steps mentioned below:
i. For each user, create a new file called ppchange-(username).ldif on your management server. Add the user dn line from ldapsearch as the first line of your ldif file. After the first line, append these lines:
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=sysadmin,ou=pwpolicies,dc=apigee,dc=com
So for example, your ppchange-(username).ldif file should look like this:
dn: uid=<uid of a user>,ou=users,ou=global,dc=apigee,dc=com
changetype: modify
add: pwdMaxAge
pwdMaxAge: <Number of seconds after which a user password expires>
ii. Lastly, execute the following ldapmodify command for each user:
ldapmodify -w <LDAP_PASSWORD> -D "cn=manager,dc=apigee,dc=com" -h localhost -p 10389 -f ppchange-(username).ldif