Enable users to forcefully reset passwords on the next login in OpenDJ

This article explains how to force users to reset their passwords on the next login in OpenDJ. To achieve this, we need two settings: a property on the password policy and an attribute on the user profile.

  1. force-change-on-reset:true
  2. pwdReset:true

force-change-on-reset:true

We need to update the password policy by using the following command.

dsconfig set-password-policy-prop --policy-name "Default Password Policy" --set "force-change-on-reset:true" --hostname "BLRCND52298121" --port "4444" --bindDN "uid=admin" --bindPassword ****** --trustAll --no-prompt

pwdReset:true

The pwdReset parameter is an operational attribute, so you can add it by using an LDAP browser, through IDM, or with the LDAP Modify command.

Here I used Apache Directory Studio to add the pwdReset attribute.

  • Click on the user profile and then click the + button.

  • Type pwdReset and then click Finish.

  • Click OK.

  • Enter the value TRUE.

Whenever the user tries to log in, they are redirected to the forced password change page, where they need to change the password.

Once the user has changed the password successfully, the attribute is removed from the operational attributes of the user profile.
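
The LDAP Modify route mentioned above, as an added example that is not part of the original article: it builds the LDIF change that sets pwdReset for one or more users, rejects DNs that could inject extra LDIF lines, and reads the bind password from a file instead of the command line. The host name, port 1389, password file path and sample DN are assumptions, and `replace: pwdReset` assumes the server accepts the change as the article describes.

```shell
# Added example, not from the original article. Host, port, password file
# and the sample DN are constructed placeholders (assumptions).
LDAP_HOST="opendj.example.com"
LDAP_PORT="1389"                   # LDAP port, not the 4444 admin port
BIND_DN="uid=admin"                # bind DN used in the article
PW_FILE="${HOME}/.opendj-bind-pw"  # file readable only by you, holds the bind password

# Print one LDIF change record per DN argument, setting pwdReset to TRUE.
# "replace" gives the same result whether or not pwdReset is already present.
pwdreset_ldif() {
  for dn in "$@"; do
    # Keep printable ASCII only; a difference means a newline, control
    # character or non-ASCII byte, which plain LDIF cannot carry safely.
    safe=$(printf '%s' "$dn" | LC_ALL=C tr -cd ' -~')
    case "$dn" in
      ' '*|':'*|'<'*) safe='' ;;     # first characters LDIF treats specially
    esac
    if [ -z "$safe" ] || [ "$safe" != "$dn" ]; then
      echo "refusing unsafe or empty DN" >&2
      return 1
    fi
    printf 'dn: %s\nchangetype: modify\nreplace: pwdReset\npwdReset: TRUE\n\n' "$dn"
  done
}

# Send the change. The LDIF is built completely first, so one bad DN stops
# the whole batch before anything reaches the server.
apply_pwdreset() {
  ldif=$(pwdreset_ldif "$@") || return 1
  printf '%s\n' "$ldif" | ldapmodify --hostname "$LDAP_HOST" --port "$LDAP_PORT" \
    --bindDN "$BIND_DN" --bindPasswordFile "$PW_FILE"
}

# pwdReset is operational, so it is returned only when requested by name.
show_pwdreset() {
  ldapsearch --hostname "$LDAP_HOST" --port "$LDAP_PORT" \
    --bindDN "$BIND_DN" --bindPasswordFile "$PW_FILE" \
    --baseDN "$1" --searchScope base "(objectClass=*)" pwdReset
}

# Offline preview of what would be sent for a constructed user entry.
pwdreset_ldif "uid=bjensen,ou=People,dc=example,dc=com"
```

Call `apply_pwdreset` with one or more user DNs to send the change, then `show_pwdreset` with a single DN to confirm the flag is set before the user's next login.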

 
