From 78fd27c8a743b8de335fa1d2578c0569114f1bfe Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com>
Date: Tue, 9 Aug 2022 15:40:50 +0000
Subject: [PATCH] Reset password after user is added

After user is added and password set, reset its password so that
the user will be asked to change password at first login, a similar
behavior as in CentOS.

Signed-off-by: Andy Ning <andy.ning@windriver.com>
---
 sbin/ldapadduser | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/sbin/ldapadduser b/sbin/ldapadduser
index cc44f7d..ecc073e 100755
--- a/sbin/ldapadduser
+++ b/sbin/ldapadduser
@@ -77,6 +77,24 @@ if [ -n "$_PASSWORD" ]
 then
   _changepassword "$_PASSWORD" "uid=$_USER,$USUFFIX,$SUFFIX"
   [ $? -eq 0 ] && echo_log "Successfully set password for user $_USER"
+
+  # reset user's password so the user will be asked to change password.
+  # These variables are used by the runtime script _ldapmodify which is sourced.
+  _ACTION="add"
+  _FIELD="pwdReset"
+  _VALUE="TRUE"
+
+  # Use template if necessary
+  if [ -n "$UMTEMPLATE" ] && [ -r "$UMTEMPLATE" ]
+  then
+    _getldif="cat $UMTEMPLATE"
+  else
+    _getldif="_extractldif 2"
+  fi
+
+  $_getldif | _filterldif | _utf8encode | _ldapmodify
+  [ $? -eq 0 ] || end_die "Error resetting password for user $_USER"
+  warn_log "Warning : password is reset, user will be asked to change password at login"
 else
   [ -n "$PASSWORDGEN" ] && warn_log "Warning : got invalid password for user $_USER (password not set)"
 fi
-- 
2.25.1