[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: pwdReset: TRUE not working
2012/10/5 Guillaume Rousse <guillomovitch@gmail.com>:
> Le 05/10/2012 16:50, Jason Cwik a écrit :
>
>> Hi,
>>
>> I've recently configured a new openldap 2.4.32 server with the ppolicy
>> overlay. Most of the features like lockout and minLength work fine,
>> but I can't seem to force the user's password to expire. I've even
>> set pwdReset: TRUE on the user's record to try and force them to reset
>> the password, but it doesn't seem to do anything.
>
> AFAIK, pwdReset TRUE just prevent the user to perform operation on the
> directory, but doesn't change anything on the bind operation. It means
> non-ppolicy aware client (apache mod_ldap, for instance) wont notice
> anything...
Right. You still can :
- BIND
- MODIFY userPassword attribute
These operations are required to change a password...
Clément.