Hello Buchan,

I set pwdReset manually and it worked. Thank you.

For my issue regarding pwdExpireWarning not displaying a warning message when I ssh into my systems, I still can't figure out what I did wrong. Here is my default policy:

dn: cn=default,ou=Policies,dc=example,dc=company
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 1209600
pwdFailureCountInterval: 0
pwdGraceAuthNLimit: 0
pwdInHistory: 24
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 5184000
pwdMaxFailure: 3
pwdMinLength: 12
pwdMustChange: TRUE
pwdSafeModify: FALSE

pwdMaxAge works perfectly and so does every other attribute, except pwdExpireWarning. pwdExpireWarning is the only one I am having issues with now. Not sure what I did wrong. Do you need to know any other details?

Thank you very much for taking your time to help me.

Regards
Wei

On Mon, Aug 16, 2010 at 11:12 AM, Buchan Milne <[email protected]> wrote:

> On Thursday, 12 August 2010 21:47:18 Wei Gao wrote:
> > I have pwdMustChange set to true in my default ppolicy. I tried to change a
> > user's password EITHER as Manager on LDAP server OR via the following
> > command on my LDAP server
> >
> > ldappasswd -x -D "cn=Manager,dc=example,dc=company" -W -S
> > "uid=user1,ou=People,dc=example,dc=company"
> >
> > Since I have pwdMustChange set to true, the user should be required to
> > change his password when he tries to log in next time.
>
> No.
>
> > But the system
> > doesn't prompt the user to change his password. And when I ran slapcat -a
> > '(uid=user1)', I saw most Operational Attributes except pwdReset.
>
> You currently have to set pwdReset manually. I don't see any documentation
> that indicates that pwdReset should automatically be set when the password is
> changed in a specific way.
>
> > All my
> > settings seem to be correct. I couldn't figure out what is wrong here.
> >
> > One other question I have is: In my default ppolicy, I have
> > pwdExpireWarning set to 1209600 (14 days). My current password is going to
> > expire in 12 days, how come I don't see a warning message when I ssh to my
> > system?
>
> Misconfigured PAM stack probably (authorization, IOW account lines). There have
> been previous solutions in previous threads on this topic, and without any
> details of your system it isn't possible to assist further.
>
> Regards,
> Buchan
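Added example, not part of the original thread and not slapd's own code: a simplified model of the password-policy checks discussed above (reset, expiry, warning window), run against the posted policy to show that a password 12 days from expiry falls inside the 14-day pwdExpireWarning window, so the server-side policy is not what suppresses the message. The function names, the sample pwdChangedTime and the sample "now" are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Policy entry from the message above (only the attributes evaluated here).
POLICY_LDIF = """\
dn: cn=default,ou=Policies,dc=example,dc=company
pwdExpireWarning: 1209600
pwdGraceAuthNLimit: 0
pwdMaxAge: 5184000
pwdMustChange: TRUE
"""

def parse_ldif_entry(text):
    """Parse one unfolded, non-base64 LDIF entry into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return entry

def parse_generalized_time(value):
    """Parse an LDAP GeneralizedTime such as 20100629120000Z (UTC only)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def password_state(policy, pwd_changed_time, now, pwd_reset=False, grace_used=0):
    """Return (state, seconds_before_expiration or None) for one account."""
    first = lambda attr, default: policy.get(attr, [default])[0]
    max_age = int(first("pwdMaxAge", "0"))
    warn = int(first("pwdExpireWarning", "0"))
    grace = int(first("pwdGraceAuthNLimit", "0"))
    # pwdMustChange only has an effect once pwdReset is TRUE on the user entry.
    if pwd_reset and first("pwdMustChange", "FALSE") == "TRUE":
        return ("changeAfterReset", None)
    if max_age == 0:  # 0 means passwords never expire
        return ("ok", None)
    expires = parse_generalized_time(pwd_changed_time) + timedelta(seconds=max_age)
    remaining = int((expires - now).total_seconds())
    if remaining <= 0:
        return ("grace", None) if grace_used < grace else ("expired", None)
    if warn > 0 and remaining < warn:
        return ("warning", remaining)
    return ("ok", remaining)

POLICY = parse_ldif_entry(POLICY_LDIF)
# Constructed sample: password changed 48 days before "now" (60-day pwdMaxAge).
SAMPLE_NOW = datetime(2010, 8, 16, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_CHANGED = "20100629120000Z"

if __name__ == "__main__":
    print(password_state(POLICY, SAMPLE_CHANGED, SAMPLE_NOW))
```

If this reports "warning" for an account's real pwdChangedTime, the remaining place to look is the client's PAM account lines, as the reply above suggests.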
