|
I use slapd 2.4.24 and I'd like users to be forced to change their password after a reset by an administrator. So, I've configured OpenLDAP with the ppolicy overlay, I've also configured a default password policy (with pwdmustchange: TRUE) but then, when bound as the rootdn and changing a user's password, the pwdReset attribute is not set to TRUE. I can see the pwdchangedtime attribute has changed, as well as modifiersname and modifytimestamp, but that's all. And the user can bind with the new password. Also, the "-e ppolicy" ldapsearch extension doesn't report anything special. What could be wrong ? -
|