diff options
author | Gabe <redhatrises@gmail.com> | 2017-03-30 18:21:47 -0600 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-03-31 12:19:40 +0200 |
commit | 274b0bcf5ff2408739d94ba1b1b4bca69f310dfc (patch) | |
tree | 3f20f51966c11fda1cdea426fb888d849ffb6c84 /ACI.txt | |
parent | d06315de6b1e951d6cce7d7d6495a32b44216274 (diff) | |
download | freeipa-274b0bcf5ff2408739d94ba1b1b4bca69f310dfc.tar.gz freeipa-274b0bcf5ff2408739d94ba1b1b4bca69f310dfc.tar.xz freeipa-274b0bcf5ff2408739d94ba1b1b4bca69f310dfc.zip |
Add --password-expiration to allow admin to force user password expiration
- Allows an admin to easily force a user to expire their password forcing the user to change it immediately or at a specified time in the future
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ACI.txt')
-rw-r--r-- | ACI.txt | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -351,7 +351,7 @@ aci: (targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accounts dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Add Users";allow (add) groupdn = "ldap:///cn=System: Add Users,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example -aci: (targetattr = "krbprincipalkey || passwordhistory || sambalmpassword || sambantpassword || userpassword")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Change User password";allow (write) groupdn = "ldap:///cn=System: Change User password,cn=permissions,cn=pbac,dc=ipa,dc=example";) +aci: (targetattr = "krbpasswordexpiration || krbprincipalkey || passwordhistory || sambalmpassword || sambantpassword || userpassword")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Change User password";allow (write) groupdn = "ldap:///cn=System: Change User password,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "ipacertmapdata || objectclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User Certificate Mappings";allow (write) groupdn = "ldap:///cn=System: Manage User Certificate Mappings,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example |