Clément OUDOT wrote: > 2012/10/5 Guillaume Rousse <[email protected]>: >> Le 05/10/2012 16:50, Jason Cwik a écrit : >> AFAIK, pwdReset TRUE just prevent the user to perform operation on the >> directory, but doesn't change anything on the bind operation. It means >> non-ppolicy aware client (apache mod_ldap, for instance) wont notice >> anything... > > Right. You still can : > - BIND > - MODIFY userPassword attribute > > These operations are required to change a password...
Yes, and BIND is the operation required to login to other systems. So user won't notice anything if the LDAP client does not honor the ppolicy response control. Ciao, Michael.
