Hi, I m using openldap-2.3.4 version with ppolicy enabled. I have a problem with the reset feature. If i set pwdReset and pwdMustChange attribute for a user, say testuser, I can see that it works as expected using ldapsearch command ie it never allows u to login & asks u to modify the password. Now for the problem: At the client side(say PHP), If i bind to the server using testuser and resetted password, i m allowed to log in..How is that possible...it should not work that way..right..It should emulate ldapsearch..am i right?
So the basic question is: Does ldap check the password restrictions(especially pwdreset,as my other restrictions like account locked etc....r getting checked) at bind time? If yes..then why the above problem...
thanks.
--------------------------------- Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos.