Hello,
We are using OpenLDAP 2.3.37. We have set up ppolicy with the following attributes:
<ppolicy.lidf>
dn: cn=basicPwdPolicy,dc=avaya,dc=com
cn: basicPwdPolicy
objectClass: device
objectClass: pwdPolicy
objectClass: top
pwdAttribute: 2.5.4.35
pwdMaxAge: 86400
pwdAllowUserChange: TRUE
pwdMustChange: TRUE
</ppolicy.lidf>
We have added this policy in the slapd.conf file as below:
overlay ppolicy
ppolicy_default "cn=basicPwdPolicy,dc=avaya,dc=com"
For users we are adding, we are able to see password expiry; however ("pwdMustChange"), the user is not forced to change the password at first login.
We want to force the user to change their password on first login.
Any help in this context will be appreciated.
Regards, Shriwallabh Aghor(Sachin) | CSAD R&D | Avaya India Pvt. Ltd | Level # 2,Tower # 1 | Cybercity, Magarpattacity,Hadapsar | Pune,Maharashtra,India 411028 | Voice: 91-20-30412611 | E-mail: ashriwallabh@avaya.com
Shriwallabh,
For pwdMustChange - pwdReset must be set to TRUE.
You can either do this manually, by running an ldapmodify command and specifically changing the pwdReset attribute to TRUE, or by resetting the password with an administrator account.
At the moment, my LDAP server doesn't appear to be setting pwdReset to TRUE after a password has been changed by an administrator - however, due to a busy workload I've been unable to fix it.
Please post back to the list if you find any solution to your issues.
Regards,
Andy
On Thu, 15 Nov 2007 19:38:43 +0800, "Aghor, Shriwallabh (Sachin)" ashriwallabh@avaya.com wrote:
Hello,
We are using OpenLDAP 2.3.37. We have set up ppolicy with the following attributes:
<ppolicy.lidf>
dn: cn=basicPwdPolicy,dc=avaya,dc=com
cn: basicPwdPolicy
objectClass: device
objectClass: pwdPolicy
objectClass: top
pwdAttribute: 2.5.4.35
pwdMaxAge: 86400
pwdAllowUserChange: TRUE
pwdMustChange: TRUE
</ppolicy.lidf>
We have added this policy in the slapd.conf file as below:
overlay ppolicy
ppolicy_default "cn=basicPwdPolicy,dc=avaya,dc=com"
For users we are adding, we are able to see password expiry; however ("pwdMustChange"), the user is not forced to change the password at first login.
We want to force the user to change their password on first login.
Any help in this context will be appreciated.
Regards, Shriwallabh Aghor(Sachin) | CSAD R&D | Avaya India Pvt. Ltd | Level # 2,Tower # 1 | Cybercity, Magarpattacity,Hadapsar | Pune,Maharashtra,India 411028 | Voice: 91-20-30412611 | E-mail: ashriwallabh@avaya.com
openldap-software@openldap.org
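
Added example (not part of the original thread, and not the posters' own code): the manual step described in the reply, as a shell helper that builds the LDIF change record setting pwdReset to TRUE on each user entry, ready to pipe into ldapmodify. The function names are hypothetical, and the user DN uid=jdoe,ou=people,dc=avaya,dc=com and bind DN cn=Manager,dc=avaya,dc=com are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate LDIF that flags accounts for a forced password change.
# pwdMustChange: TRUE in the policy only takes effect for entries that carry
# pwdReset: TRUE, so the flag has to be set per user.

# Print the LDIF "dn" line for one DN. LDIF needs base64 ("dn::") when the
# value contains non-printable or non-ASCII bytes, starts with a space, ':'
# or '<', or ends with a space.
ldif_dn_line() {
    dn=$1
    if printf '%s' "$dn" | LC_ALL=C grep -q '[^ -~]' \
       || case $dn in ' '*|':'*|'<'*|*' ') true ;; *) false ;; esac
    then
        printf 'dn:: %s\n' "$(printf '%s' "$dn" | base64 | tr -d '\n')"
    else
        printf 'dn: %s\n' "$dn"
    fi
}

# Emit one "replace: pwdReset" change record per DN given as an argument.
# Records are separated by a blank line, as LDIF requires.
pwdreset_ldif() {
    for user_dn in "$@"; do
        ldif_dn_line "$user_dn"
        printf 'changetype: modify\n'
        printf 'replace: pwdReset\n'
        printf 'pwdReset: TRUE\n'
        printf '\n'
    done
}

# Typical use (constructed DNs; bind as an administrative identity):
#   pwdreset_ldif "uid=jdoe,ou=people,dc=avaya,dc=com" |
#       ldapmodify -x -H ldap://localhost -D "cn=Manager,dc=avaya,dc=com" -W

# Demo on a constructed DN: prints the change record to stdout.
pwdreset_ldif "uid=jdoe,ou=people,dc=avaya,dc=com"
```

Reviewing the generated LDIF before piping it to ldapmodify shows exactly which entries will be flagged.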