Re: Problem with "force user to password reset at first login

[Rajagopal Rc <rajagopal.rc@tcs.com>]

Hi Michael,

Please suggest the process to achieve
this

Thanks & Regards
Raj



From:      
 Michael Ströder <michael@stroeder.com>
To:      
 Rajagopal Rc <rajagopal.rc@tcs.com>,
openldap-technical@openldap.org
Date:      
 11/21/2015 10:09 PM
Subject:    
   Re: Problem
with "force user to password reset at first login

---

Rajagopal Rc wrote:
> I am trying to force users to change their password at first login
or 
> after password reset by administrator.

I always recommend to define a better password reset process where the
admin
never has complete knowledge of a temporary reset password. Then you simply
don't need 'pwdReset'.

> Tried following:
> 1)Password policy 'pwdMustChange TRUE' doesn't seems to be working
as non 
> of the
> users get prompt to change their password at first login.
>
> 2) used the 'pwdReset TRUE' attribute in users attributes, and it
won't 
> prompt
> to change the password and didn't allow to login 

The LDAP client has to use the request ppolicy control and act upon the
status
returned in the ppolicy response control. Only very few LDAP clients do
that
correctly.

This all won't work in practice. See my recommendation above.

Ciao, Michael.

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you