
Re: Problem with "force user to password reset at first login



Rajagopal Rc wrote:
> I am trying to force users to change their password at first login or 
> after password reset by administrator.

I always recommend defining a better password reset process where the admin
never has complete knowledge of a temporary reset password. Then you simply
don't need 'pwdReset'.

> Tried the following:
> 1) Password policy 'pwdMustChange TRUE' doesn't seem to be working, as none
> of the users get prompted to change their password at first login.
>
> 2) Used the 'pwdReset TRUE' attribute in the user's attributes, and it won't
> prompt to change the password and didn't allow login.

The LDAP client has to use the request ppolicy control and act upon the status
returned in the ppolicy response control. Only very few LDAP clients do that
correctly.

This all won't work in practice. See my recommendation above.

Ciao, Michael.
