2011/7/5 Cyril Grosjean <[email protected]>:
>
> I use slapd 2.4.24 and I'd like users to be forced to change their password
> after a reset by an administrator.
> So, I've configured OpenLDAP with the ppolicy overlay, I've also configured
> a default password policy (with pwdmustchange: TRUE) but then, when bound as
> the rootdn and changing a user's password, the pwdReset attribute is not set
> to TRUE.
>
> I can see the pwdchangedtime attribute has changed, as well as modifiersname
> and modifytimestamp, but that's all.
> And the user can bind with the new password. Also, the "-e ppolicy"
> ldapsearch extension doesn't report anything special.
>
> What could be wrong?
>
> -

Hi, some tips:

* you must set pwdReset to TRUE yourself, this is never done automatically
* when the user changes their password, pwdReset is reverted to FALSE if it was TRUE, automatically
* rootdn bypasses most password policy constraints, you need to use a standard account to edit userPassword if you want to use password policy

Clément.
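
The reset described in the reply above, as an added example that is not part of the original thread: shell helpers that build the LDIF setting both userPassword and pwdReset, refuse to send it as the rootdn, and check the result afterwards. The DNs, `LDAP_URI` and the function names are placeholders, and the administrator account is assumed to have ACLs allowing writes to userPassword and pwdReset.

```shell
# Added example; DNs, LDAP_URI and the temporary password are placeholders.

# LDIF for an administrative reset: new password and pwdReset: TRUE in one
# modify. The value is base64-encoded ("::") so any character is LDIF-safe.
reset_ldif() {
    pw_b64=$(printf '%s' "$2" | base64 | tr -d '\n')
    cat <<EOF
dn: $1
changetype: modify
replace: userPassword
userPassword:: $pw_b64
-
replace: pwdReset
pwdReset: TRUE
EOF
}

# Send the reset as a non-rootdn administrator (third tip in the reply).
# args: admin_dn rootdn user_dn new_password. DN comparison is a simple
# case-insensitive string match, not full DN normalization.
apply_reset() {
    a=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    r=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ "$a" = "$r" ]; then
        echo "refusing: bind DN is the rootdn" >&2
        return 1
    fi
    reset_ldif "$3" "$4" |
        ldapmodify -x -H "${LDAP_URI:-ldap://localhost}" -D "$1" -W -e ppolicy
}

# Read an entry in LDIF on stdin; succeed only if pwdReset is TRUE.
# pwdReset is operational, so request it by name:
#   ldapsearch -x -H "$LDAP_URI" -D "$ADMIN_DN" -W -b "$USER_DN" -s base pwdReset
must_change() {
    grep -qi '^pwdReset: *TRUE$'
}
```

The password value is stored as sent unless the server hashes it, for example with the ppolicy overlay's `ppolicy_hash_cleartext` setting.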
