Hi,
For lock status of the user account you may check his pwdAccountLockedTime attribute
pwdMustChange value is overridden by pwdReset, may be the value of this attribute is set to FALSE when you've does your test ?
Cheers.
Le 16/04/2015 06:38, rockwang a écrit :
Hi, all
I set policy for user as following# default, policies, abc.com
dn: cn=default,ou=policies,dc=abc,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
pwdMaxAge: 7776002
pwdExpireWarning: 432000
pwdInHistory: 3
pwdCheckQuality: 1
pwdMinLength: 8
pwdMaxFailure: 5
pwdLockout: TRUE
pwdLockoutDuration: 900
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
my question is how to check user lock status. Another question is pwdMustChange doesn’t work in linux client when user first login.
Rock.wang