[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Please help me with ppolicy pwdReset

To: Scott Classen <SClassen@lbl.gov>
Subject: Re: Please help me with ppolicy pwdReset
From: Scott Classen <sclassen@lbl.gov>
Date: Sat, 19 Jul 2008 21:12:39 -0700
Cc: openldap-technical@openldap.org
In-reply-to: <AB1C5046-9275-4D1A-8BBA-E6C0A6C6C07C@lbl.gov>
References: <AB1C5046-9275-4D1A-8BBA-E6C0A6C6C07C@lbl.gov>


On Jul 18, 2008, at 10:22 PM, Scott Classen wrote:

Hi All,

this is my default ppolicy:

dn: cn=default,ou=Policies,dc=example,dc=com
objectClass: pwdPolicy
objectClass: top
objectClass: device
pwdAttribute: userPassword
pwdMaxFailure: 3
pwdFailureCountInterval: 0
pwdAllowUserChange: TRUE
cn: default
pwdSafeModify: FALSE
pwdExpireWarning: 0
pwdInHistory: 1
pwdMinLength: 7
pwdGraceAuthNLimit: 1
pwdLockout: TRUE
pwdLockoutDuration: 300
pwdMaxAge: 63072000
pwdCheckQuality: 2
pwdMustChange: TRUE
pwdMinAge: 0

Here is an example of a user with their pwdReset attribute set to TRUE. I've only included the relevant lines:

dn: uid=newguy,ou=People,dc=example,dc=com
pwdChangedTime: 20080718234642Z
pwdReset: TRUE
pwdPolicySubentry: cn=default,ou=Policies,dc=example,dc=com

Shouldn't this user be requested to change their password the next time the log in?

Well they're not. logins a successful and there is no prompting for a new password.

Can someone please help me trouble shoot this?

Thanks,
Scott

Well I fixed the problem. I just needed to add the following line to my client /etc/ldap.conf files

pam_lookup_policy yes
Yeah! now users are prompted to change their passwords.

References:
- Please help me with ppolicy pwdReset
  - From: Scott Classen <sclassen@lbl.gov>

Prev by Date: Re: BDB selection, et al.
Next by Date: Re: BDB selection, et al.
Index(es):
- Chronological
- Thread