How to change pwdMaxAge in LDAP

I want to change the Edge users' default password policy for OpenLDAP.
---
By default, pwdMaxAge for normal users is 2592000, i.e. 30 days. Now I want to change it to 0, which means the password won't expire.
---
How do I do this?

Reference doc: 
https://docs.apigee.com/private-cloud/v4.51.00/managing-default-ldap-password-policy-api-management#...

1 ACCEPTED SOLUTION

To answer this, there are two scenarios: the first is if you want to make this change for a single user, and the second is for multiple users. I am sharing the procedure for both cases.

1. Please follow the steps mentioned below to change the "pwdMaxAge" for all the users:


i. Create a new file called “ppchange.ldif” under “/opt/apigee/apigee-openldap/ldif”. Add the user dn line from default-pwpolicy.ldif as the first line of your ldif file. After the first line, append these lines:

changetype: modify
replace: pwdMaxAge
pwdMaxAge: <mention the time you want to change to>

Note: You can find the default-pwpolicy.ldif under the path “/opt/apigee/apigee-openldap/ldif”.

So for example, your ppchange.ldif file should look like this:

dn: cn=default,ou=pwpolicies,dc=apigee,dc=com
changetype: modify
replace: pwdMaxAge
pwdMaxAge: <Number of seconds after which a user password expires>


ii. Use the ldapmodify command below to update the details.

ldapmodify -w <Ldap_Password> -D "cn=manager,dc=apigee,dc=com" -h localhost -p 10389 -f ppchange.ldif

2. If you want to change the "pwdMaxAge" for a single user please follow the steps mentioned below:

i. For each user, create a new file called ppchange-(username).ldif on your management server. Add the user dn line from ldapsearch as the first line of your ldif file. After the first line, append these lines:

changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=sysadmin,ou=pwpolicies,dc=apigee,dc=com

So for example, your ppchange-(username).ldif file should look like this:

dn: uid=<uid of a user>,ou=users,ou=global,dc=apigee,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=sysadmin,ou=pwpolicies,dc=apigee,dc=com

ii. Lastly, execute the following ldapmodify command for each user:

ldapmodify -w <LDAP_PASSWORD> -D "cn=manager,dc=apigee,dc=com" -h localhost -p 10389 -f ppchange-(username).ldif
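As an added example (not from the original post or from Apigee's tooling): a small Python helper that generates the two LDIF files described in the answer, refuses malformed input before it ever reaches ldapmodify, and reads pwdMaxAge back out of LDIF-formatted ldapsearch output so the change can be verified afterwards. The DNs, port and file names are those given in the answer; the function names, the uid whitelist and the sample ldapsearch output are this example's own assumptions.

```python
"""Helpers for the ppchange LDIF files from the accepted solution above.

Added example, not code from the original post or from Apigee. The DNs and
file names come from the answer; function names, the uid whitelist and the
constructed ldapsearch sample are assumptions made here.
"""
import re

# DNs exactly as they appear in the answer.
DEFAULT_POLICY_DN = "cn=default,ou=pwpolicies,dc=apigee,dc=com"
SYSADMIN_POLICY_DN = "cn=sysadmin,ou=pwpolicies,dc=apigee,dc=com"
USER_BASE_DN = "ou=users,ou=global,dc=apigee,dc=com"

# Conservative whitelist (an assumption of this example) so a uid cannot carry
# DN metacharacters such as ',' or '=' into the first line of the LDIF.
_SAFE_UID = re.compile(r"^[A-Za-z0-9._@-]+$")


def policy_ldif(max_age_seconds, policy_dn=DEFAULT_POLICY_DN):
    """Step 1: LDIF that sets pwdMaxAge on the shared password policy entry.

    'replace' is used rather than 'add': the default policy already carries
    pwdMaxAge (2592000) and the attribute is single-valued, so adding a second
    value is refused by the server. A value of 0 means passwords never expire.
    """
    if (not isinstance(max_age_seconds, int) or isinstance(max_age_seconds, bool)
            or max_age_seconds < 0):
        raise ValueError("pwdMaxAge must be a non-negative whole number of seconds")
    return "\n".join([
        f"dn: {policy_dn}",
        "changetype: modify",
        "replace: pwdMaxAge",
        f"pwdMaxAge: {max_age_seconds}",
        "",
    ])


def user_policy_ldif(uid, policy_dn=SYSADMIN_POLICY_DN):
    """Step 2: LDIF that attaches one user to a different policy via pwdPolicySubentry.

    Expiry is a property of the policy entry, so a per-user change means
    pointing the user at another pwdPolicy entry, not writing pwdMaxAge on
    the user entry itself.
    """
    if not _SAFE_UID.match(uid):
        raise ValueError(f"refusing uid with unexpected characters: {uid!r}")
    return "\n".join([
        f"dn: uid={uid},{USER_BASE_DN}",
        "changetype: modify",
        "add: pwdPolicySubentry",
        f"pwdPolicySubentry: {policy_dn}",
        "",
    ])


def ldif_filename(uid=None):
    """File names used by the answer: ppchange.ldif or ppchange-<username>.ldif."""
    return "ppchange.ldif" if uid is None else f"ppchange-{uid}.ldif"


def current_max_age(ldapsearch_output):
    """Read pwdMaxAge back out of LDIF-formatted ldapsearch output.

    Returns (seconds, description); seconds is None when the attribute is absent.
    """
    match = re.search(r"^pwdMaxAge:[ \t]*(\d+)[ \t]*$", ldapsearch_output, re.MULTILINE)
    if match is None:
        return None, "pwdMaxAge not set on this entry"
    seconds = int(match.group(1))
    if seconds == 0:
        return 0, "passwords never expire"
    return seconds, f"passwords expire after {seconds / 86400:g} days"


# Constructed sample of what an ldapsearch against the default policy entry
# could return for the stock 30-day setting; not captured from a real server.
SAMPLE_POLICY_ENTRY = """dn: cn=default,ou=pwpolicies,dc=apigee,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdMaxAge: 2592000
"""

if __name__ == "__main__":
    print(current_max_age(SAMPLE_POLICY_ENTRY)[1])
    with open(ldif_filename(), "w") as fh:
        fh.write(policy_ldif(0))
    with open(ldif_filename("jdoe"), "w") as fh:
        fh.write(user_policy_ldif("jdoe"))
```

The generated files are fed to ldapmodify exactly as in the answer (`-f ppchange.ldif`). Passing the bind password with `-w` places it in the process argument list, where other local users can read it while the command runs; ldapmodify's `-W` flag prompts for the password instead. Running `current_max_age` over a fresh ldapsearch of the policy entry after the change confirms the new value actually took effect.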
