Re: [EXT] Re: changing password with otp active

6 May 2025


      On Tue, May 06, 2025 at 07:36:24AM +0000, Windl, Ulrich wrote:
...
The issue I see with ldappasswd and shadow password attributes being
used (in 2.4) is that after a password change the shadow attributes
aren't updated (causing inconsistencies between password policy and
shadow attributes regarding the time of password expiration). But most
likely it does not affect you...
Hi Ulrich,
assuming you mean rfc2307(bis) attributes here:
With ppolicy in effect, you shouldn't need to manage the shadow
attributes since all the ppolicy tracking can and should be done either
in the server or by entities who understand how to process and enforce
them.
This is why slapo-ppolicy doesn't deal with them in the first place.
Regards,
-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: [EXT] Re: changing password with otp active