[Date Prev][Date Next]
Re: ppolicy overlay and pwdreset attribute question
According to the source code, it seems you're right. But according to the OpenLDAP 2.4 admin guide
it should be wrong, or at least, it doesn't look consistent to me since it mentions the following (when
pwdMustChange is set to FALSE):
The password does not need to be changed at the first bind or when the
administrator has reset the password (pwdMustChange: FALSE)
So, from what I understand, if pwdMustChange is set to TRUE, the password needs to be changed at the first bind, or when the
administrator has reset it.
Also, the slapo-ppolicy man pages tends to mean the same thing:
This attribute specifies whether users must change their passwords when
they first bind to the directory after a password is set or reset by
the administrator, or not. If pwdMustChange has a value of "TRUE",
users must change their passwords when they first bind to the directory
after a password is set or reset by the administrator.