From:
"Peter Gietz"
<peter.gietz@daasi.de>
To: openldap-technical@openldap.org
Sent: Friday, April 13, 2018 1:08:31 PM
Subject: Re: exempt some users from OpenLDAP
password policy
Dear Tayyab,
well the error message says most of it.
The
attribute pwdChangedTime is defined in sect. 5.3.2. of https://tools.ietf.org/html/draft-behera-ldap-password-policy-10
as:
...
NO-USER-MODIFICATION
USAGE directoryOperation )
Which means, that an LDAP client is not allowed to modify
the values of this attribute, and that it is to be modified
by the directory server only.
And this makes perfectly sense, that the value is changed,
if and only if the password is being changed.
Cheers,
Peter
Am 12.04.2018 um 22:55 schrieb
Tayyab Saeed:
Dear All,
I have tried modifying
pwdChangedTime & facing below error
modifying entry
"uid=test1,ou=ITSupport,ou=people,dc=mydomain,dc=com"
ldap_modify: Constraint
violation (19)
additional info:
pwdChangedTime: no user modification allowed
Thanks,
Tayyab Saeed