Андрей Добров wrote:
eDirectory has two properties for changing the password
- the number of attempts with an expired password
- and the password change date itself.
These options would work like clockwork if the password were not used by other services in the office.
The MF client has two more properties
- Password expiration warning period
- Apply early password expiration period
No variation of these options gave any result in terms of notifying the employee.
The task is to warn about the password change date 14 days in advance, so that an employee changes the password before going on vacation, where they could, for example, use GW without problems.
Has anyone solved this problem?
For this purpose we have been using comrade Baird's utility
pwdexp for many years, in the login script:
Warning Users of Impending Password Expiration
Pwdexp is intended for use in a login script where it displays a warning if the user’s password is about to expire. It automatically determines the user name of the person logging in, and can be used to force the user to change their password. The GUI versions of pwdexp in parts 2 and 5 can also change the user’s local password if running from a Windows workstation, their Active Directory password when connected directly to the domain, and their simple password if they have one.
In our case it is specifically like this:
#pwdexp.exe /c /d:7 /g:5 /ys /f:0 /sa /z /v /m:"Пора менять пароль!"
/c Parts 2 and 5 versions only. Force each dialog box to remain as the topmost window.
/d Specifies the number of days before password expiration that warnings should begin e.g. /d=5. The default is 7.
/f Force the user to change their password. When /f is used without a value, a change of password is forced only when the password has expired. A value may be given specifying the number of days prior to expiration on which to force a password change e.g. /f=5 would force a change 5 days prior to expiration.
/g Parts 2 and 5 versions only. Allows a delay in seconds to be specified before the password expiration date and time is checked. This may be used to allow time for replication to occur if the user has already changed their password at login in response to Novell’s login program reporting that the password needs changing. Without this option, it is possible for pwdexp to prompt for a password change when it has already been changed.
/s Stubborn mode. By default, when /f is used, pwdexp gives the user one chance to change the password. Use /s to force pwdexp to keep prompting for passwords until it is successfully changed. /s may have one value which modifies its behaviour:
a Causes stubborn mode to take effect only when the number of days to expiration are less than or equal to the value given for /f.
/y Controls how the user name is displayed by the GUI versions of pwdexp. The following letters may be used:
c Canonical (distinguished) form without types.
d Canonical (distinguished) form without types and with a leading period.
l LDAP format i.e. typed distinguished names using commas instead of periods.
s The short (common) name.
t Include types in non-LDAP names.
u Replace spaces in names with underscores. This option may be useful when the results are to be used as input to another program.
x Relative to the current context. This is the default.
/v Forces communication with the server holding the master replica when reading the user’s password expiration time and for changing the password.
/z Parts 2 and 5 versions only. Prevents setting any other passwords if the eDirectory (NDS or universal) password is not changed successfully.
https://jrbsoftware.com
BUT!:
JRButils for Micro Focus and JRButils for AD
After 30 years of software releases dating back to the early 1990's, John Baird finally retired at the end of 2021.
JRB Software Limited has closed down, but John remains contactable at
john@jrbsoftware.com
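A server-side complement to the login-script warning discussed in this thread, as an added example that is not part of the thread and not JRButils code: it reports accounts whose password expires within 14 days (or has already expired), so users who are away can be notified by other means. The LDIF text is constructed sample data, and the attribute names `passwordExpirationTime` and `loginGraceRemaining` are assumed to be what your eDirectory LDAP export returns; producing the export itself is not shown.

```python
from datetime import datetime, timedelta, timezone
# Constructed sample export (not real data). Assumed attribute names:
# passwordExpirationTime (GeneralizedTime, UTC) and loginGraceRemaining.
SAMPLE_LDIF = """\
dn: cn=ivanov,ou=staff,o=example
passwordExpirationTime: 20240610120000Z
loginGraceRemaining: 3

dn: cn=petrov,ou=staff,o=example
passwordExpirationTime: 20240801000000Z
loginGraceRemaining: 3

dn: cn=sidorov,ou=staff,o=example
passwordExpirationTime: 20240528090000Z
loginGraceRemaining: 0

dn: cn=svc-backup,ou=services,o=example
"""

def parse_entries(ldif):
    """Split a simple LDIF export into dicts (no folded or base64 lines)."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry[key] = value
        entries.append(entry)
    return entries

def expiry_report(ldif, now, warn_days=14):
    """Return (dn, status, days_left, grace) for expired or soon-to-expire passwords."""
    report = []
    for e in parse_entries(ldif):
        raw = e.get("passwordExpirationTime")
        if raw is None:  # no expiration set on this account
            continue
        expires = datetime.strptime(raw, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        remaining = expires - now
        if remaining > timedelta(days=warn_days):
            continue
        status = "expired" if remaining <= timedelta(0) else "warn"
        grace = e.get("loginGraceRemaining")
        report.append((e["dn"], status, remaining.days,
                       int(grace) if grace is not None else None))
    return sorted(report, key=lambda r: r[2])  # most urgent first

if __name__ == "__main__":
    for row in expiry_report(SAMPLE_LDIF, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(row)
```

`days_left` is rounded down, so an expired password shows a negative value; an expired account with `grace` equal to 0 has no grace logins left.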