[Date Prev][Date Next]
(ITS#7084) Password Modify Extended Operation to set pwdReset: TRUE
Submission from: (NULL) (22.214.171.124)
The Password Modify Extended Operation should set pwdReset: TRUE if the
accompanying password policy specifies pwdMustChange: TRUE.
Section 8.2.7 of http://tools.ietf.org/html/draft-behera-ldap-password-policy-09#section-8.2
If the value the pwdMustChange is TRUE and the modification is
performed by a password administrator, then the pwdReset attribute is
set to TRUE. Otherwise, the pwdReset is removed from the user's
entry if it exists.
So the question is how to determine whether the modification is performed by a
password administrator. There could be an attribute in the password policy entry
with values like authzTo/authzFrom to specify the set of password admins.