[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PPolicy Overlay - Wrongly expires user password

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: PPolicy Overlay - Wrongly expires user password
From: Shawn McKinney <smmtech2@sbcglobal.net>
Date: Tue, 4 Oct 2005 09:44:29 -0700 (PDT)
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=sbcglobal.net; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=BO5uCRMe3eo2W+4i8mPsqcejUi3wX8ZIIDNSc3gwycWS4aRvtDkFMBLIFnTJeD7XXT9mgr2fRmuYsBGUEyUcU+/HmfDvqDZPkAbK+UHyO/UlzzPzktNPQgqkwtaxfWC4xd8fXG4yuceRvQZsaDw5VnMuFdgc6ADfYyAB87Umzhk= ;
In-reply-to: <434297D6.8010808@symas.com>

--- Howard Chu <hyc@symas.com> wrote:

> Hm, why are you using 2.3.5 and not 2.3.7?

That was the latest as of a few weeks ago.  Did not
get the message that we must upgrade.

> >  Observation:
> >
> >  PPolicy module doesn't like a null pwdChangedTime
> attribute.
> 
> Correct. This behavior is by design.
> 
> >  Any ideas on what the corrective action might be?
> 
> Yes, use ldappasswd to reset the password (which
> will create a valid 
> pwdChangedTime value).

This password has not yet been reset as it is a newly
created user.  Sounds like you are telling me that
following the creation of a new user in LDAP we must
subsequently reset their password?  

I am hoping that admin setting the userPassword value
via LDAP API ( Java client program ) will duplicate
the behavior of ldappasswd you mentioned.

Thanks,

Shawn McKinney

References:
- Re: PPolicy Overlay - Wrongly expires user password
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Problem Resolved - Re: PPolicy Overlay - Wrongly expires user password
Next by Date: Re: PPolicy Overlay - Wrongly expires user password
Index(es):
- Chronological
- Thread