2014-08-05 17:56 GMT+02:00 Bram Cymet <[email protected]>: > I am getting a little further with this. > > I have added > > pwdLockOut = TRUE > pwdMaxFialure = 5 > pwdMinLength = 8 > > Now if I try to log in with the wrong password it add a pwdFailureTime > attribute to the user as expected and after 5 I can't bind as that user > anymore. Then if I reset the password the user can log in again. So at > least something with the policy is working. > > When I change the password however it allows passwords with less then 8 > characters and pwdReset is still not set on the user's entry. > > Any thoughts on what might be happening? >
Hi, 1/ Password policy is not applied on password modification if the operation is done with the manager account 2/ Password size or strength is not verified if password is sent in hashed form, you need to send cleartext password to be able to check it 3/ pwdReset is not set to TRUE automatically, you need to set it by hand. Clément.
