lucas theisen created DIRSERVER-1932:
----------------------------------------
Summary: Password policy pwdMinAge check should check for required
reset
Key: DIRSERVER-1932
URL: https://issues.apache.org/jira/browse/DIRSERVER-1932
Project: Directory ApacheDS
Issue Type: Bug
Components: core
Affects Versions: 2.0.0-M15, 2.0.0-M16
Reporter: lucas theisen
According to the rfc
(http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.8):
7.8 Password Too Young Check
If the Section 7.2 check returned true then this check will return
false, to allow the password to be changed.
...
7.2 Password Must be Changed Now Check</b>
A status of true is returned to indicate that the password must be
changed if all of these conditions are met:
o The pwdMustChange attribute is set to TRUE.
o The pwdReset attribute is set to TRUE.
Otherwise a status of false is returned.
Therefore, if the admin sets the password, the user should be allowed
to change it even if pwdMinAge has not expired.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
