2012/10/5 Guillaume Rousse <[email protected]>: > Le 05/10/2012 16:50, Jason Cwik a écrit : > >> Hi, >> >> I've recently configured a new openldap 2.4.32 server with the ppolicy >> overlay. Most of the features like lockout and minLength work fine, >> but I can't seem to force the user's password to expire. I've even >> set pwdReset: TRUE on the user's record to try and force them to reset >> the password, but it doesn't seem to do anything. > > AFAIK, pwdReset TRUE just prevent the user to perform operation on the > directory, but doesn't change anything on the bind operation. It means > non-ppolicy aware client (apache mod_ldap, for instance) wont notice > anything...
Right. You still can : - BIND - MODIFY userPassword attribute These operations are required to change a password... Clément.
