On (25/08/16 20:44), [email protected] wrote: >I have an environment set up with OpenLDAP, ppolicy and sssd on Ubuntu 12.04. >I've got ppolicy working fine, for the most part, but I'm trying to set >pwdReset: TRUE in LDAP to force users to change passwords and it's not having >any effect. I have pwdMustChange: TRUE in the default password policy, and >password prompts for expired passwords works, so I know it's not grossly >misconfigured or something. > >I've spent a few days looking into this and from other posts and blogs it >sounds like pwdReset can be handled by sssd and is somehow enforced by pam, >but I'm not seeing any error messages about pam or password resets (pam >verbosity 3 and debug_level 9). With the lack of errors, I'm basically >wondering what are the requirements to get pwdReset functioning with sssd? > Ubuntu 12.04 seems to have sssd 1.8.2 The ppa[2] seems to have 1.11.5
It would be good to test with more recent version of sssd. You can try sssd in 16.04. I can confirm that "pwdReset: TRUE" works with latest sssd 1.13 which is in xenial(16.04) LS [1] http://packages.ubuntu.com/search?keywords=sssd&searchon=names&suite=precise§ion=all [2] https://launchpad.net/~sssd/+archive/ubuntu/updates _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
