This article explains how to force users to reset their password at the next login in OpenDJ. To achieve this, we need the following two settings: force-change-on-reset in the password policy and pwdReset on the user profile.
- force-change-on-reset:true
- pwdReset:true
force-change-on-reset:true
Update the password policy with the following command.
dsconfig set-password-policy-prop --policy-name "Default Password Policy" --set "force-change-on-reset:true" --hostname "BLRCND52298121" --port "4444" --bindDN "uid=admin" --bindPassword ****** --trustAll --no-prompt
pwdReset:true
The pwdReset parameter is an operational attribute, so you can add it with an LDAP browser, through IDM, or with the ldapmodify command.
Here I used Apache Directory Studio to add the pwdReset attribute.
- Click on the user profile and then click the + button
- Type pwdReset and then click on finish
- Click on ok
- Enter the TRUE value
Whenever the user tries to log in, the user is redirected to the forced password change and must change the password there.
Once the user has changed the password successfully, the attribute is removed from the operational attributes of the user profile.
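The ldapmodify route mentioned above, as an added example that is not part of the original article: a shell helper that builds the modify record setting pwdReset: TRUE and base64-encodes any DN that is not LDIF-safe, so a DN taken from user input cannot add extra LDIF lines. The sample DN and the DS_* variables are assumptions, and the wrapper uses the short options of OpenDJ's ldapmodify.

```shell
#!/bin/sh
# Added example, not from the original article.
# Builds the LDIF record that sets pwdReset: TRUE on one entry.

# Emit the dn line. A DN that is not an RFC 2849 SAFE-STRING (control or
# non-ASCII bytes, leading space/colon/'<', trailing space) is written as
# base64 ("dn:: ..."), so a DN built from user input cannot add LDIF lines.
ldif_dn_line() {
    _dn=$1
    [ -n "$_dn" ] || { echo "empty DN" >&2; return 1; }
    # Count bytes outside printable ASCII (newline, CR, tab, UTF-8 bytes).
    _bad=$(printf '%s' "$_dn" | LC_ALL=C tr -d ' -~' | wc -c)
    case $_dn in ' '*|':'*|'<'*|*' ') _bad=1 ;; esac
    if [ "$_bad" -gt 0 ]; then
        printf 'dn:: %s\n' "$(printf '%s' "$_dn" | base64 | tr -d '\n')"
    else
        printf 'dn: %s\n' "$_dn"
    fi
}

# Full modify record for one user.
pwdreset_ldif() {
    ldif_dn_line "$1" || return 1
    printf '%s\n' 'changetype: modify' 'replace: pwdReset' 'pwdReset: TRUE'
}

# Hypothetical wrapper: DS_HOST, DS_LDAPS_PORT, DS_PW_FILE and DS_TRUSTSTORE
# are placeholders for your deployment. -j reads the bind password from a
# file and -P checks the server certificate against a trust store.
force_reset() {
    _ldif=$(pwdreset_ldif "$1") || return 1
    printf '%s\n' "$_ldif" | ldapmodify -h "$DS_HOST" -p "$DS_LDAPS_PORT" -Z \
        -D "uid=admin" -j "$DS_PW_FILE" -P "$DS_TRUSTSTORE"
}

# Constructed sample DN: print the record without contacting a server.
pwdreset_ldif "uid=bjensen,ou=People,dc=example,dc=com"
```

Call force_reset with the user's DN once the DS_* variables point at your server; the last line only prints the record.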
Hello! I am Narayanaswamy, founder and admin of narayanatutorial.com. I have been working in the IT industry for more than 12 years. NarayanaTutorial is my web technologies blog. My specialties are Java / J2EE, Spring, Hibernate, Struts, Webservices, PHP, Oracle, MySQL, SQLServer, Web Hosting, Website Development, and IAM (ForgeRock) Specialist.
I am a self-learner and passionate about training and writing. I am always trying my best to share my knowledge through my blog.