
Re: pwdMustChange and pwdExpireWarning



Hello Buchan
 
I set pwdReset manually and it worked.  Thank you.
 
For my issue regarding pwdExpireWarning not displaying a warning message when I ssh into my systems, I still can't figure out what I did wrong. Here is my default policy:
 
dn: cn=default,ou=Policies,dc=example,dc=company
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 1209600
pwdFailureCountInterval: 0
pwdGraceAuthNLimit: 0
pwdInHistory: 24
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 5184000
pwdMaxFailure: 3
pwdMinLength: 12
pwdMustChange: TRUE
pwdSafeModify: FALSE

pwdMaxAge works perfectly and so does every other attribute, except pwdExpireWarning. pwdExpireWarning is the only one I am having issues with now. Not sure what I did wrong. Do you need to know any other details? Thank you very much for taking your time to help me.
 
Regards
Wei
 

 
On Mon, Aug 16, 2010 at 11:12 AM, Buchan Milne <bgmilne@staff.telkomsa.net> wrote:
On Thursday, 12 August 2010 21:47:18 Wei Gao wrote:
> I have pwdMustChange set to true in my default ppolicy. I tried to change a
> user's password EITHER as Manager on LDAP server OR via the following
> command on my LDAP server
>
> ldappasswd -x -D "cn=Manager,dc=example,dc=company" -W -S
> "uid=user1,ou=People,dc=example,dc=company"
>
> Since I have pwdMustChange set to true, the user should be required to
> change his password when he tries to log in next time.

No.

> But the system
> doesn't prompt the user to change his password. And when I ran slapcat -a
> '(uid=user1)', I saw most Operational Attributes except pwdReset.

You currently have to set pwdReset manually. I don't see any documentation
that indicates that pwdReset should automatically be set when the password is
changed in a specific way.

> All my
> settings seem to be correct. I couldn't figure out what is wrong here.
>
> One other question I have is: In my default ppolicy, I have
> pwdExpireWarning set to 1209600 (14 days). My current password is going to
> expire in 12 days, how come I don't see a warning message when I ssh to my
> system?

Misconfigured PAM stack probably (authorization, IOW account lines). There have
been previous solutions in previous threads on this topic, and without any
details of your system it isn't possible to assist further.

Regards,
Buchan
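
An added example, not part of the original thread: a check of the policy arithmetic using the pwdMaxAge and pwdExpireWarning values posted above. The function names, SAMPLE_NOW and the pwdChangedTime value are constructed assumptions; a result of "warning" means the policy values themselves place the account inside the warning window, which is consistent with Buchan's suggestion to look at the PAM account lines.

```python
from datetime import datetime, timedelta, timezone

# Attributes copied from the policy posted in the message (only those needed here).
POLICY_LDIF = """\
dn: cn=default,ou=Policies,dc=example,dc=company
pwdExpireWarning: 1209600
pwdGraceAuthNLimit: 0
pwdMaxAge: 5184000
"""

# Constructed sample values: "now" and a password changed 48 days earlier,
# so that 12 of the 60 days of pwdMaxAge remain, as in the question.
SAMPLE_NOW = datetime(2010, 8, 12, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_PWD_CHANGED_TIME = "20100625120000Z"

def parse_ldif_ints(ldif):
    """Return the integer-valued attributes of a single LDIF entry."""
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(": ")
        if sep and value.strip().isdigit():
            attrs[name] = int(value)
    return attrs

def parse_generalized_time(value):
    """Parse a UTC generalized time such as 20100625120000Z."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def expiry_state(policy, pwd_changed_time, now):
    """Return (state, seconds_left) for one account under the given policy."""
    max_age = policy.get("pwdMaxAge", 0)
    warn = policy.get("pwdExpireWarning", 0)
    if max_age == 0:                      # 0 means passwords never expire
        return ("no-expiry", None)
    expires = parse_generalized_time(pwd_changed_time) + timedelta(seconds=max_age)
    left = int((expires - now).total_seconds())
    if left <= 0:
        return ("expired", 0)
    if warn and left <= warn:             # inside the warning window
        return ("warning", left)
    return ("ok", left)

if __name__ == "__main__":
    policy = parse_ldif_ints(POLICY_LDIF)
    print(expiry_state(policy, SAMPLE_PWD_CHANGED_TIME, SAMPLE_NOW))
```

To run it against a real account, replace SAMPLE_PWD_CHANGED_TIME with the pwdChangedTime operational attribute shown by slapcat for that entry.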