Re: pwdReset: TRUE not working

[Clément OUDOT <clem.oudot@gmail.com>]

2012/10/5 Guillaume Rousse <guillomovitch@gmail.com>:
> Le 05/10/2012 16:50, Jason Cwik a écrit :
>
>> Hi,
>>
>> I've recently configured a new openldap 2.4.32 server with the ppolicy
>> overlay.  Most of the features like lockout and minLength work fine,
>> but I can't seem to force the user's password to expire.  I've even
>> set pwdReset: TRUE on the user's record to try and force them to reset
>> the password, but it doesn't seem to do anything.
>
> AFAIK, pwdReset TRUE just prevent the user to perform operation on the
> directory, but doesn't change anything on the bind operation. It means
> non-ppolicy aware client (apache mod_ldap, for instance) wont notice
> anything...

Right. You still can :
- BIND
- MODIFY userPassword attribute

These operations are required to change a password...

Clément.