Hi, all

     I set  policy for user as following

# default, policies, abc.com

dn: cn=default,ou=policies,dc=abc,dc=com

objectClass: top

objectClass: device

objectClass: pwdPolicy

cn: default

pwdAttribute: userPassword

pwdMaxAge: 7776002

pwdExpireWarning: 432000

pwdInHistory: 3

pwdCheckQuality: 1

pwdMinLength: 8

pwdMaxFailure: 5

pwdLockout: TRUE

pwdLockoutDuration: 900

pwdGraceAuthNLimit: 0

pwdFailureCountInterval: 0

pwdMustChange: TRUE

pwdAllowUserChange: TRUE

pwdSafeModify: FALSE

my question is how to check user lock status. Another question is pwdMustChange doesn’t work in linux client when user first login.

Rock.wang