[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pwdPolicy pwdMustChange enforcement

To: Andreas Hasenack <ahasenack@terra.com.br>
Subject: Re: pwdPolicy pwdMustChange enforcement
From: Howard Chu <hyc@symas.com>
Date: Mon, 13 Feb 2006 11:25:27 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20060213182254.GK4225@conectiva.com.br>
References: <20060213182254.GK4225@conectiva.com.br>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060209 SeaMonkey/1.5a Mnenhy/0.7.3.0

Andreas Hasenack wrote:

How is the pwdMustChange policy supposed to be applied to ldap clients?
Doesn't this need support in the client? I'm sure ldapsearch(1), for
example, can't change the userPassword attribute, but it can
authenticate without problems. So how is this policy going to be
enforced?

Try it and see. ldapsearch -x -D uid=someuser,dc=example,dc=com -w mustchange -b dc=example,dc=com

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

Follow-Ups:
- Re: pwdPolicy pwdMustChange enforcement
  - From: Andreas Hasenack <ahasenack@terra.com.br>
- Re: pwdPolicy pwdMustChange enforcement
  - From: Andreas Hasenack <ahasenack@terra.com.br>

References:
- pwdPolicy pwdMustChange enforcement
  - From: Andreas Hasenack <ahasenack@terra.com.br>

Prev by Date: Re: 2.3.20 Engineering: SASL workaround
Next by Date: Re: 2.3.20 Engineering: SASL workaround
Index(es):
- Chronological
- Thread