2012/10/5 Guillaume Rousse guillomovitch@gmail.com:
Le 05/10/2012 16:50, Jason Cwik a écrit :
Hi,
I've recently configured a new openldap 2.4.32 server with the ppolicy overlay. Most of the features like lockout and minLength work fine, but I can't seem to force the user's password to expire. I've even set pwdReset: TRUE on the user's record to try and force them to reset the password, but it doesn't seem to do anything.
AFAIK, pwdReset TRUE just prevent the user to perform operation on the directory, but doesn't change anything on the bind operation. It means non-ppolicy aware client (apache mod_ldap, for instance) wont notice anything...
Right. You still can : - BIND - MODIFY userPassword attribute
These operations are required to change a password...
Clément.