Hi, Has anyone else had a problem with the pwdMustChange setting in the password policy? I have it set to TRUE, which should mean that if the password has been reset by an admin, the user should be forced to change his/her password upon first login. No such thing happens.
I have done some research and this came up: "You can do this manually, by running an ldapmodify command and specifically changing the pwdReset attribute to TRUE". I have done a search of my DIT to show the system attributes of the accounts:

    ldapsearch -x -b "dc=example,dc=com" "(objectclass=*)" '*' '+'

The field pwdReset does not come up at all, which means that it is not set by OpenLDAP when the password is reset by an administrator:

    dn: uid=xxxx,ou=People,dc=xxxxxx,dc=xxx
    uid: xxxx
    cn: xxxxx
    sn: xxxxxxx
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    shadowLastChange: 13749
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 1081
    gidNumber: 1081
    homeDirectory: /home/xxxxxx
    gecos: xxxxxxx
    mail: xxxxxxx
    structuralObjectClass: inetOrgPerson
    entryUUID: 72615aae-9f52-4d84-b766-3e06bdfaeb53
    creatorsName: cn=Manager,dc=example,dc=com
    createTimestamp: 20091211113244Z
    userPassword:: xxxxxxxxxxxxxxxxx
    pwdChangedTime: 20091211113354Z
    pwdHistory: xxxxxxxxxxxxxx
    entryCSN: 20091211113354.129221Z#000000#000#000000
    modifiersName: cn=Manager,dc=example,dc=com
    modifyTimestamp: 20091211113354Z
    entryDN: uid=xxxxx,ou=People,dc=xxxxx,dc=xxxx
    subschemaSubentry: cn=Subschema
    hasSubordinates: FALSE
_______________________________________________
ltb-users mailing list
http://lists.ltb-project.org/listinfo/ltb-users
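An added example, not part of the original post: a Python check over `ldapsearch ... '*' '+'` output that lists entries whose password was last written by a different DN and that do not carry `pwdReset: TRUE`, which is the situation the post describes. The sample entries, the function names and the "last write made by another DN" heuristic are assumptions made for illustration.

```python
# Constructed sample of `ldapsearch ... '*' '+'` output (account names are invented).
SAMPLE = """\
dn: uid=alice,ou=People,dc=example,dc=com
pwdChangedTime: 20091211113354Z
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20091211113354Z

dn: uid=bob,ou=People,dc=example,dc=com
pwdChangedTime: 20091211120000Z
pwdReset: TRUE
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20091211120000Z

dn: uid=carol,ou=People,dc=example,dc=com
pwdChangedTime: 20091211130000Z
modifiersName: uid=carol,ou=People,
 dc=example,dc=com
modifyTimestamp: 20091211130000Z
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    entries, current = [], {}
    # LDIF folds long lines as "\n "; unfold first. The trailing "" flushes the last entry.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            # "attr:: ..." marks a base64 value; it is stored undecoded.
            current.setdefault(attr.lower(), []).append(value.lstrip(":").strip())
    return entries

def unflagged_admin_resets(entries):
    """Heuristic (assumption): the password change was the last write and came from another DN."""
    flagged = []
    for e in entries:
        dn = e.get("dn", [""])[0]
        changed = e.get("pwdchangedtime", [None])[0]
        by_other = e.get("modifiersname", [dn])[0].lower() != dn.lower()
        is_last_write = changed is not None and changed == e.get("modifytimestamp", [None])[0]
        if by_other and is_last_write and e.get("pwdreset", ["FALSE"])[0].upper() != "TRUE":
            flagged.append(dn)
    return flagged

print(unflagged_admin_resets(parse_ldif(SAMPLE)))
```

The DN comparison is a plain case-insensitive string match, so DNs that differ only in spacing are treated as different.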
