Hi!
I have a question related to policy and a user with an expired password and all grace logins consumed, like this:
|
pwdChangedTime[0] |
20231127075102Z |
|
pwdGraceUseTime[0] |
20240429142254Z |
|
pwdGraceUseTime[1] |
20240430112006Z |
|
pwdGraceUseTime[2] |
20240527074731Z |
|
pwdGraceUseTime[3] |
20240528114912Z |
|
pwdGraceUseTime[4] |
20240528130249Z |
|
pwdFailureTime[0] |
20240611082600.348275Z |
How can the user change his password? The user cannot log in anymoe, obviously. If the user could log in he would have admin privileges.
I had the idea to delete the grace logins via ldapmodify, but the result (for version 2.4) was:
ldap_modify: Constraint violation (19)
additional info: pwdGraceUseTime: no user modification allowed
So what are the options (for the user himself and for an admin)?
Regards,
Ulrich