--On Friday, September 18, 2020 12:38 PM -0700 Quanah Gibson-Mount quanah@symas.com wrote:
The SECOND command should be an appropiate 'ldapmodify' operation to add pwdReset: TRUE to the user entry.
You should run these on the command line so you can gather any error(s) returned by the utilities.
Hi Ed,
I wanted to add that the ability to modify the pwdReset attribute requires that the operation be done with an entity that has "Manage" rights or higher to the entry in question. You've not really provided any information on what entity is doing the write operation (rootdn? something else?) and what privileges that entity has. See the ldapmodify(5) man page on how to specify that the Manage DSA IT control be specified as part of the modification.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com