[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pwdReset: TRUE not working

To: Clément OUDOT <clem.oudot@gmail.com>
Subject: Re: pwdReset: TRUE not working
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 05 Oct 2012 18:16:28 +0200
Cc: Guillaume Rousse <guillomovitch@gmail.com>, openldap-technical@openldap.org
In-reply-to: <CAK_oV490TfXH2EpzhP6iu1GBF+7tCHmSZHZYkJK-FjFAPh3OPg@mail.gmail.com>
References: <CADba=cCmiqs143eAJo4kXPj1s1fJe_+R_-M_UmKs4nQFQAjG2Q@mail.gmail.com> <506EFAFC.4010708@gmail.com> <CAK_oV490TfXH2EpzhP6iu1GBF+7tCHmSZHZYkJK-FjFAPh3OPg@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120909 Firefox/15.0.1 SeaMonkey/2.12.1

Clément OUDOT wrote:
> 2012/10/5 Guillaume Rousse <guillomovitch@gmail.com>:
>> Le 05/10/2012 16:50, Jason Cwik a écrit :
>> AFAIK, pwdReset TRUE just prevent the user to perform operation on the
>> directory, but doesn't change anything on the bind operation. It means
>> non-ppolicy aware client (apache mod_ldap, for instance) wont notice
>> anything...
> 
> Right. You still can :
> - BIND
> - MODIFY userPassword attribute
> 
> These operations are required to change a password...

Yes, and BIND is the operation required to login to other systems. So user
won't notice anything if the LDAP client does not honor the ppolicy response
control.

Ciao, Michael.

References:
- pwdReset: TRUE not working
  - From: Jason Cwik <jason@cwik.org>
- Re: pwdReset: TRUE not working
  - From: Guillaume Rousse <guillomovitch@gmail.com>
- Re: pwdReset: TRUE not working
  - From: Clément OUDOT <clem.oudot@gmail.com>

Prev by Date: Re: pwdReset: TRUE not working
Next by Date: Openldap Synchronization Issue
Index(es):
- Chronological
- Thread