[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pwdReset: TRUE not working



Clément OUDOT wrote:
> 2012/10/5 Guillaume Rousse <guillomovitch@gmail.com>:
>> Le 05/10/2012 16:50, Jason Cwik a écrit :
>> AFAIK, pwdReset TRUE just prevent the user to perform operation on the
>> directory, but doesn't change anything on the bind operation. It means
>> non-ppolicy aware client (apache mod_ldap, for instance) wont notice
>> anything...
> 
> Right. You still can :
> - BIND
> - MODIFY userPassword attribute
> 
> These operations are required to change a password...

Yes, and BIND is the operation required to login to other systems. So user
won't notice anything if the LDAP client does not honor the ppolicy response
control.

Ciao, Michael.