[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pwdPolicy pwdMustChange enforcement



Andreas Hasenack wrote:
How is the pwdMustChange policy supposed to be applied to ldap clients?
Doesn't this need support in the client? I'm sure ldapsearch(1), for
example, can't change the userPassword attribute, but it can
authenticate without problems. So how is this policy going to be
enforced?

Try it and see.
ldapsearch -x -D uid=someuser,dc=example,dc=com -w mustchange -b dc=example,dc=com


--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/