Shriwallabh,
For pwdMustChange - pwdReset must be set to TRUE.
You can either do this manually, by running an ldapmodify command and
specifically changing the pwdReset attribute to TRUE, or by reseting the
password with an administrator account.
At the moment, my LDAP server doesn't appear to be setting pwdReset to TRUE
after a password has been changed by an administrator - however, due to a busy
workload I've been unable to fix it.
Please post back to the list if you find any solution to your issues.
Regards,
Andy
On Thu, 15 Nov 2007 19:38:43 +0800, "Aghor, Shriwallabh (Sachin)" <[EMAIL
PROTECTED]> wrote:
> Hello,
>
> We are using openldap 2.3.37 , We have set up ppolicy with following
> attributes :
>
> <ppolicy.lidf>
> dn: cn=basicPwdPolicy,dc=avaya,dc=com
> cn: basicPwdPolicy
> objectClass: device
> objectClass: pwdPolicy
> objectClass: top
> pwdAttribute: 2.5.4.35
> pwdMaxAge: 86400
> pwdAllowUserChange: TRUE
> pwdMustChange: TRUE
> </ppolicy.lidf>
>
> We have added this policy in slapd.conf file as below :
>
> overlay ppolicy
> ppolicy_default "cn=basicPwdPolicy,dc=avaya,dc=com"
>
>
> For users we are adding we are able to see password expiry, however
> ("pwdMustChange") user is not forced to change the password for first
> login.
>
> We want to force user to change its password on the first login.
>
> Any help in this context will be appreciated
>
>
> Regards,
> Shriwallabh Aghor(Sachin) | CSAD R&D | Avaya India Pvt. Ltd | Level #
> 2,Tower # 1 | Cybercity, Magarpattacity,Hadapsar |
> Pune,Maharashtra,India 411028 | Voice: 91-20-30412611 | E-mail:
> [EMAIL PROTECTED]
>
>
>
>
>
