[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem with the ppolicy overlay



2011/7/5 Cyril Grosjean <cgrosjean@janua.fr>:
>
> I use slapd 2.4.24 and I'd like users to be forced to change their password
> after a reset by an administrator.
> So, I've configured OpenLDAP with the ppolicy overlay, I've also configured
> a default password policy
> (with pwdmustchange: TRUE) but then, when bound as the rootdn and changing a
> user's password, the
> pwdReset attribute is not set to TRUE.
>
> I can see the pwdchangedtime attribute has changed, as well as modifiersname
> and modifytimestamp, but that's all.
> And the user can bind with the new password. Also, the "-e ppolicy"
> ldapsearch extension doesn't report anything special.
>
> What could be wrong ?
> -

Hi,

some tips:
* you must set pwdReset to TRUE yourself, this is never done automatically
* when user changes its password, pwdReset is reverted to FALSE if it
was TRUE, automatically
* rootdn bypasses most of password policy constraints, you need to use
a standard account to edit userPassword if you want to use password
policy


Clément.