[Date Prev][Date Next]
Re: PPolicy Overlay - Wrongly expires user password
- To: OpenLDAP-software@OpenLDAP.org
- Subject: Re: PPolicy Overlay - Wrongly expires user password
- From: Shawn McKinney <email@example.com>
- Date: Tue, 4 Oct 2005 09:44:29 -0700 (PDT)
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=sbcglobal.net; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=BO5uCRMe3eo2W+4i8mPsqcejUi3wX8ZIIDNSc3gwycWS4aRvtDkFMBLIFnTJeD7XXT9mgr2fRmuYsBGUEyUcU+/HmfDvqDZPkAbK+UHyO/UlzzPzktNPQgqkwtaxfWC4xd8fXG4yuceRvQZsaDw5VnMuFdgc6ADfYyAB87Umzhk= ;
- In-reply-to: <434297D6.firstname.lastname@example.org>
--- Howard Chu <email@example.com> wrote:
> Hm, why are you using 2.3.5 and not 2.3.7?
That was the latest as of a few weeks ago. Did not
get the message that we must upgrade.
> > Observation:
> > PPolicy module doesn't like a null pwdChangedTime
> Correct. This behavior is by design.
> > Any ideas on what the corrective action might be?
> Yes, use ldappasswd to reset the password (which
> will create a valid
> pwdChangedTime value).
This password has not yet been reset as it is a newly
created user. Sounds like you are telling me that
following the creation of a new user in LDAP we must
subsequently reset their password?
I am hoping that admin setting the userPassword value
via LDAP API ( Java client program ) will duplicate
the behavior of ldappasswd you mentioned.