Hi,For lock status of the user account you may check his pwdAccountLockedTime attribute
pwdMustChange value is overridden by pwdReset, may be the value of this attribute is set to FALSE when you've does your test ?
Cheers. Le 16/04/2015 06:38, rockwang a écrit :
Hi, all I set policy for user as following # default, policies, abc.com dn: cn=default,ou=policies,dc=abc,dc=com objectClass: top objectClass: device objectClass: pwdPolicy cn: default pwdAttribute: userPassword pwdMaxAge: 7776002 pwdExpireWarning: 432000 pwdInHistory: 3 pwdCheckQuality: 1 pwdMinLength: 8 pwdMaxFailure: 5 pwdLockout: TRUE pwdLockoutDuration: 900 pwdGraceAuthNLimit: 0 pwdFailureCountInterval: 0 pwdMustChange: TRUE pwdAllowUserChange: TRUE pwdSafeModify: FALSEmy question is how to check user lock status. Another question is pwdMustChange doesn’t work in linux client when user first login.Rock.wang
-- *Abdelhamid MEDDEB* http://www.meddeb.net
smime.p7s
Description: Signature cryptographique S/MIME
