I'm using OpenLDAP version 2.3.4 with ppolicy enabled. I have a problem with the reset feature. If I set the pwdReset and pwdMustChange attributes for a user, say testuser, I can see that it works as expected using the ldapsearch command, i.e. it never allows you to log in and asks you to modify the password. Now for the problem: on the client side (say PHP), if I bind to the server using testuser and the reset password, I'm allowed to log in. How is that possible? It should not work that way, right? It should emulate ldapsearch. Am I right?
So the basic question is: does LDAP check the password restrictions (especially pwdReset, as my other restrictions like account locked etc. are getting checked) at bind time? If yes, then why the above problem?
