I use slapd 2.4.24 and I'd like users to be forced to change their
password after a reset by an administrator.
So, I've configured OpenLDAP with the ppolicy overlay, I've also
configured a default password policy
(with pwdmustchange: TRUE) but then, when bound as the rootdn and changing
a user's password, the
pwdReset attribute is not set to TRUE.
I can see the pwdchangedtime attribute has changed, as well as
modifiersname and modifytimestamp, but that's all.
And the user can bind with the new password. Also, the "-e ppolicy"
ldapsearch extension doesn't report anything special.
What could be wrong ?