CentOS OpenLDAP pwdReset Attribute
Th1am1dMonozoicK4runa
Th1am1dMonozoicK4runa at protonmail.com
Tue Oct 26 17:35:54 CEST 2021
On Tuesday, October 26th, 2021 at 8:56 AM, Alan DeKok <aland at deployingradius.com> wrote:
> You can always run an LDAP query manually via "unlang" to check the status of the pwdReset field.
For any future reader out there, as Alan suggested, this works perfectly fine. Hopefully it will help someone else:
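
sudo vim /etc/raddb/dictionary

    # Local attribute that will hold the value of the LDAP pwdReset field
    ATTRIBUTE Password-Reset 3000 string

sudo vim /etc/raddb/mods-available/ldap

    # Copy the LDAP pwdReset attribute into the control list
    update {
        control:Password-Reset += 'pwdReset'
    }

sudo vim /etc/raddb/sites-available/default

    post-auth {
        # Reject with an explanatory message when pwdReset is TRUE
        if (control:Password-Reset == "TRUE") {
            update reply {
                &Reply-Message := "Your password has been reset. You must change your password."
            }
            reject
        }
    }
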
Thanks!
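
To check the directory side before testing RADIUS, this added example (not part of the original post or of FreeRADIUS) parses `ldapsearch` LDIF output for `pwdReset` and reports what the post-auth rule above would do with it. The function names, the sample entries and the upper-case placeholders in the `ldapsearch` comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Real use, binding as the same identity FreeRADIUS uses so that
# ACLs are exercised too (upper-case words are placeholders):
#   ldapsearch -x -LLL -H ldap://LDAP_HOST -D "BIND_DN" -W \
#       -b "BASE_DN" "(uid=USER)" pwdReset | post_auth_outcome
# pwdReset is an operational attribute, so it must be requested by name.

# Read LDIF on stdin and print TRUE, FALSE or ABSENT for pwdReset.
# Accepts any attribute-name case and base64 values ("pwdReset:: ...").
pwdreset_state() (
    state=ABSENT
    while IFS= read -r line || [ -n "$line" ]; do
        case "$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')" in
            'pwdreset:: '*) val=$(printf '%s' "${line#*:: }" | base64 -d) ;;
            'pwdreset: '*)  val=${line#*: } ;;
            *) continue ;;
        esac
        # Mirror the unlang condition: only the exact string TRUE counts.
        if [ "$val" = "TRUE" ]; then state=TRUE; else state=FALSE; fi
    done
    printf '%s\n' "$state"
)

# Outcome of the post-auth block for the entry on stdin.
post_auth_outcome() {
    if [ "$(pwdreset_state)" = "TRUE" ]; then
        echo reject
    else
        echo continue
    fi
}

# Constructed sample entries (not real directory data).
SAMPLE_RESET='dn: uid=alice,ou=people,dc=example,dc=com
pwdReset: TRUE'
SAMPLE_B64='dn: uid=bob,ou=people,dc=example,dc=com
pwdReset:: VFJVRQ=='
SAMPLE_NONE='dn: uid=carol,ou=people,dc=example,dc=com
uid: carol'

for s in "$SAMPLE_RESET" "$SAMPLE_B64" "$SAMPLE_NONE"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$s" | pwdreset_state)" \
        "$(printf '%s\n' "$s" | post_auth_outcome)"
done
```

An ABSENT result for a user whose password was just reset usually means the bind identity cannot read the attribute, in which case the post-auth rule never fires.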