On Jul 18, 2008, at 10:22 PM, Scott Classen wrote:
Hi All,
this is my default ppolicy:
dn: cn=default,ou=Policies,dc=example,dc=com objectClass: pwdPolicy objectClass: top objectClass: device pwdAttribute: userPassword pwdMaxFailure: 3 pwdFailureCountInterval: 0 pwdAllowUserChange: TRUE cn: default pwdSafeModify: FALSE pwdExpireWarning: 0 pwdInHistory: 1 pwdMinLength: 7 pwdGraceAuthNLimit: 1 pwdLockout: TRUE pwdLockoutDuration: 300 pwdMaxAge: 63072000 pwdCheckQuality: 2 pwdMustChange: TRUE pwdMinAge: 0
Here is an example of a user with their pwdReset attribute set to TRUE. I've only included the relevant lines:
dn: uid=newguy,ou=People,dc=example,dc=com pwdChangedTime: 20080718234642Z pwdReset: TRUE pwdPolicySubentry: cn=default,ou=Policies,dc=example,dc=com
Shouldn't this user be requested to change their password the next time the log in?
Well they're not. logins a successful and there is no prompting for a new password.
Can someone please help me trouble shoot this?
Thanks, Scott
Well I fixed the problem. I just needed to add the following line to my client /etc/ldap.conf files
pam_lookup_policy yes Yeah! now users are prompted to change their passwords.