Re: pwdMustChange Does not work

[andylockran <andy@zrmt.com>]

Shriwallabh,

For pwdMustChange - pwdReset must be set to TRUE.

You can either do this manually, by running an ldapmodify command and specifically changing the pwdReset attribute to TRUE, or by reseting the password with an administrator account.

At the moment, my LDAP server doesn't appear to be setting pwdReset to TRUE after a password has been changed by an administrator - however, due to a busy workload I've been unable to fix it.  

Please post back to the list if you find any solution to your issues.

Regards,

Andy

On Thu, 15 Nov 2007 19:38:43 +0800, "Aghor, Shriwallabh (Sachin)" <ashriwallabh@avaya.com> wrote:
> Hello,
>  
> We are using openldap 2.3.37 , We have set up ppolicy with following
> attributes :
>  
> <ppolicy.lidf>
> dn: cn=basicPwdPolicy,dc=avaya,dc=com
> cn: basicPwdPolicy
> objectClass: device
> objectClass: pwdPolicy
> objectClass: top
> pwdAttribute: 2.5.4.35
> pwdMaxAge: 86400
> pwdAllowUserChange: TRUE
> pwdMustChange: TRUE
> </ppolicy.lidf>
>  
> We have added this policy in slapd.conf file as below :
>  
> overlay ppolicy
> ppolicy_default "cn=basicPwdPolicy,dc=avaya,dc=com"
> 
>  
> For users we are adding we are able to see password expiry, however
> ("pwdMustChange") user is not forced to change the password for first
> login.
>  
> We want to force user to change its password on the first login.
>  
> Any help in this context will be appreciated
>  
>  
> Regards,
> Shriwallabh Aghor(Sachin) | CSAD R&D | Avaya India Pvt. Ltd | Level #
> 2,Tower # 1 | Cybercity, Magarpattacity,Hadapsar |
> Pune,Maharashtra,India 411028 | Voice: 91-20-30412611 | E-mail:
> ashriwallabh@avaya.com
> 
>   
>  
> 
>