[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem with Password Policy Overlay - Password Reset

To: OpenLDAP-software@OpenLDAP.org
Subject: Problem with Password Policy Overlay - Password Reset
From: Shawn McKinney <smmtech2@sbcglobal.net>
Date: Tue, 16 Aug 2005 11:03:03 -0700 (PDT)

Running version 2.3.4 on Linux - RHE4.

Experimenting with PPolicy Overlay features.  Password
reset usage question:

Is it OK for applications to modify user operational
attribute pwdReset?  

When I set user's pwdReset flag to true, user can't
authenticate, exception returned:
Operations are restricted to
bind/unbind/abandon/StartTLS/modify password;
Insufficient access

This is fine as user's password has been reset and
they will need to change it.

My problem is when I change user's password, I have to
reset the pwdReset flag to FALSE.   Anytime I do this,
the slapd process does not allow any operations by any
user until I restart.  

For example.  After clearing a user's pwdReset flag, a
different user can't search, even if this different
user is administratorin this case the user is root.

I get same error:
error result (50); Operations are restricted to
bind/unbind/abandon/StartTLS/modify password;
Insufficient access

Follow-Ups:
- Re: Problem with Password Policy Overlay - Password Reset
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: [JLDAP] Implementing the password reset extension
Next by Date: problem with sasl and openldap
Index(es):
- Chronological
- Thread