Open GoogleCodeExporter opened 8 years ago
It seems to come down to user entries in LDAP being created with a shadowMax value of 45 (days), when that value should be something like 99999 (a few centuries).
It is probably a fairly standard LDAP update command to replace values for existing users.
#graham
Original comment by bhavana....@gmail.com
on 14 Jun 2011 at 10:54
Explanation on /etc/shadow for each field:
http://tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html
Using the 'chage' command (note: not change), one could change the expiry date on the password:
http://www.unix.com/shell-programming-scripting/82501-force-change-password-modifying-etc-shadow.html
#Bhavana
Original comment by bhavana....@gmail.com
on 14 Jun 2011 at 10:56
Use smbldap-usermod instead, as it overrides the shadow
Original comment by bhavana....@gmail.com
on 14 Jun 2011 at 12:28
Work needed: modify the script that adds users and test it before rolling over to all the groups. Presently have manually changed the settings on all existing users of the groups.
Original comment by bhavana....@gmail.com
on 14 Jun 2011 at 12:31
Example command to extend password expire age: smbldap-usermod --shadowMax
99999 <username>
Original comment by gk-goo...@ninebynine.org
on 28 Oct 2011 at 3:42
Command to list users: smbldap-userlist
Original comment by graham.k...@oerc.ox.ac.uk
on 5 Feb 2013 at 1:01
Edited /root/admiralusermanagement.sh to add the smbldap-usermod command to
function generatesystemuser(), as shown below. With this change, new users
are created with shadowMax set to 99999 days.
function generatesystemuser()
{
    # $1 = users script name
    # $2 = new user password
    source "$1"
    password=$2
    # Print the account details being created (this includes the password)
    echo "$username \"$userfullname\" $userrole \"$userroom\" \"$userphone\" $password"
    # Create new user account (the password is fed on stdin when one was given)
    if [[ -z "$password" ]]; then
        smbldap-useradd -a -P -m -g "$userrole" "$username"
    else
        smbldap-useradd -a -P -m -g "$userrole" "$username" <<END
$password
$password
END
    fi
    smbldap-userinfo -f "$userfullname" -r "$userroom" -w "$userphone" "$username"
    # Set the maximum password age to 99999 days
    smbldap-usermod --shadowMax 99999 "$username"
    # For non-collaborators, create user directories and set permissions
    if [[ "$userrole" != "RGCollaborator" ]]; then
        # Create ADMIRAL working directory areas for the new user
        # if they don't already exist
        mkdir -p "/home/data/private/$username"
        mkdir -p "/home/data/shared/$username"
        mkdir -p "/home/data/collab/$username"
        # Set user data area owner and ACLs
        setdataownerandaccess "$username" "$username" "$userrole"
        # Set up Apache access control configuration
        /root/createapacheuserconfig.sh "$username"
    fi
}
Original comment by graham.k...@oerc.ox.ac.uk
on 5 Feb 2013 at 1:10
Original issue reported on code.google.com by
bhavana....@gmail.com
on 14 Jun 2011 at 10:53
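
The thread mentions a standard LDAP update to replace the value for existing users, which was done manually here. As an added example (not part of the original thread or the ADMIRAL scripts), this script turns ldapsearch-style LDIF into ldapmodify change records for entries whose shadowMax differs from the wanted value. The sample LDIF, its DNs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the ADMIRAL scripts' own code.
# Input: LDIF as printed by an ldapsearch for shadowAccount entries.
# Output: ldapmodify change records for entries whose shadowMax differs.

# Constructed sample; DNs and the example.org suffix are placeholders.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=Users,dc=example,dc=org
uid: alice
shadowMax: 45

dn: uid=bob,ou=Users,dc=example,dc=org
uid: bob
shadowMax: 99999

dn: uid=carol,ou=Users,dc=example,
 dc=org
uid: carol
shadowMax: 45

dn: uid=dave,ou=Users,dc=example,dc=org
uid: dave
EOF
}

# shadowmax_fix_ldif WANTED: LDIF on stdin, change records on stdout.
# Entries with no shadowMax, or with a base64 "dn::" line, are left untouched.
shadowmax_fix_ldif() {
  awk -v want="$1" '
    function emit() {
      if (dn != "" && max != "" && max != want)
        printf "dn: %s\nchangetype: modify\nreplace: shadowMax\nshadowMax: %s\n-\n\n", dn, want
      dn = ""; max = ""; last = ""
    }
    /^ /  { if (last == "dn") dn = dn substr($0, 2); next }  # unfold wrapped DN
    /^$/  { emit(); next }                                   # blank line ends an entry
          { last = "" }
    /^dn: / { dn = substr($0, 5); last = "dn"; next }
    tolower($0) ~ /^shadowmax: / { max = substr($0, 12) }
    END   { emit() }
  '
}

# Review the output before piping it to ldapmodify.
sample_ldif | shadowmax_fix_ldif 99999
```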