A Forum reader recently asked:
“Does anyone know an easy way to force a global password change on our NetWare 6.5 server users? It’s a single tree with SP5 on it.”
And here’s the response from Novell’s Aaron Burgemeister …
You can expire them all via LDIF. Here’s what you need to do:
1. From Linux, run the following command to export/import the LDIF:
ldapsearch -h ipAddress -p 389 -D cn=admin,dc=context,dc=goes,dc=here -x - -W objectClass=user dn > outFile.ldif
2. You’ll be prompted for a password – even if you don’t see the prompt, be sure to type it in.
cp outFile.ldif inFile.ldif
3. Modify the file here, adding the following lines to each DN line:
changetype: modify add: passwordexpirationtime passwordexpirationtime: 20070101010000Z
4. Import it back in.
ldapmodify -h ipAddress -p 389 -D cn=admin,dc=context,dc=goes,dc=here -x - -W -f ./inFile.ldif
Looking at the users, they should all have passwords expiring at 1 a.m. (UTC) New Year’s Day 2007. For modifying the LDIF you should have no problems with a decent text editor. JEdit (free, cross-platform), UltraEdit (free trial, Windows only), CoolEdit and EditPlus (free trial, Windows only) are all options. Notepad/Wordpad/word will not do what you need them to without a lot of pain and suffering, so I wouldn’t even try there unless you are a macro king/queen.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.