Full_Name: Version: OS: URL: Submission from: (NULL) (192.166.104.102)

Feature Request: The Password Modify Extended Operation should set pwdReset: TRUE if the accompanying password policy specifies pwdMustChange: TRUE.

Section 8.2.7 of http://tools.ietf.org/html/draft-behera-ldap-password-policy-09#section-8.2 says:

If the value the pwdMustChange is TRUE and the modification is performed by a password administrator, then the pwdReset attribute is set to TRUE. Otherwise, the pwdReset is removed from the user's entry if it exists.

So the question is how to determine whether the modification is performed by a password administrator. There could be an attribute in the password policy entry with values like authzTo/authzFrom to specify the set of password admins.