I am trying to enable random password generation when a user account is created for the first time or the password has been reset. First of all, I did not get any evidence that if this can be done on account creation. Would appreciate if anyone can confirm this.
Secondly, I have configured & enabled the Random Password Generator and attached it to my password policy too. As per the documentation, if a password is not provided in the client's request, the Password Modify Extended Operation in conjunction with Password Generator generates a new password. But this is not working. Does this work with any kind of special operation? Please help, it would be greatly appreciated.
The Random Password Generator is enabled by default in OpenDJ (the actively developed fork of OpenDS, but I'm sure it is as well in OpenDS). It cannot be used at account creation, as there is no mechanism to return the generated password to the client application. So, the proper way to have a password generated, is to create the account without a password and then use ldappasswordmodify (or the Password Modify Extended Operation) to generate one. This will be automatically done if no new password is specified. This said, it cannot be done as an anonymous user. So, do it as Directory Manager but specifying the DN of the created account : ldappasswordmodify -D "cn=directory manager" -w password -a "dn:uid=user.0,ou=people,dc=example,dc=com" The LDAP password modify operation was successful Generated Password: cye99shz
I hope this helps.
Kind regards,
Ludo