[Date Prev][Date Next]
Must pwdReset always be set explicitly?
The draft description of ppolicy (draft-behera-ldap-password-policy-09.txt)
from July 17 2005 says among other things
"If the value the pwdMustChange is TRUE and the modification is performed
by a password administrator, then the pwdReset attribute is set to TRUE.
My impression, using OpenLDAP up to v.2.4.10 is that it rather is
implemented as "...and the pwdReset attribute is set to TRUE, the user has
to change his password." (i.e. to set pwdReset signals the very fact that
I am a password administrator.)?
(On the other hand - the reset of the pwdReset attribute when the user
actually chooses a new password is as expected automatically performed by
the OpenLDAP software.)
The Behera draft expired more than two years ago - in a more recent IETF
draft by Zeilenga from march 2008, there is a suggestion to replace
pwdReset by passwdChangeRequired. Also this draft is expired by now - did
it make way into any OpenLDAP code?
IT-Forum, IT-Arkitektur och systemutveckling
141 86 STOCKHOLM