On Thursday, 12 August 2010 21:47:18 Wei Gao wrote:
> I have pwdMustChange set to true in my default ppolicy. I tried to change a user's password EITHER as Manager on LDAP server OR via the following command on my LDAP server
> ldappasswd -x -D "cn=Manager,dc=example,dc=company" -W -S "uid=user1,ou=People,dc=example,dc=company"
> Since I have pwdMustChange set to true, the user should be required to change his password when he tries to log in next time.

No.

> But the system doesn't prompt the user to change his password. And when I ran slapcat -a '(uid=user1)', I saw most Operational Attributes except pwdReset.

You currently have to set pwdReset manually. I don't see any documentation that indicates that pwdReset should automatically be set when the password is changed in a specific way.

> All my settings seem to be correct. I couldn't figure out what is wrong here.
> One other question I have is: In my default ppolicy, I have pwdExpireWarning set to 1209600 (14 days). My current password is going to expire in 12 days, how come I don't see a warning message when I ssh to my system?

Misconfigured PAM stack probably (authorization, IOW account lines). There have been previous solutions in previous threads on this topic, and without any details of your system it isn't possible to assist further.

Regards, Buchan
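
Setting pwdReset by hand after an administrative password change, as the reply describes, can be scripted. The following is an added example, not part of the original thread: the function names `ldif_dn_line` and `pwreset_ldif` are hypothetical, and it assumes the bind identity (here the thread's Manager DN) is allowed to write the pwdReset attribute.

```shell
#!/bin/sh
# Added example (not from the thread): build the LDIF that marks entries
# as "password was reset by an administrator" by setting pwdReset: TRUE.
# With pwdMustChange TRUE in the policy, this flag is what makes the
# ppolicy overlay demand a password change at the user's next bind.

# Print the LDIF dn line for $1. LDIF requires base64 ("dn::") when the
# value starts with space, ':' or '<', ends with a space, or contains
# anything outside printable ASCII.
ldif_dn_line() {
    # Count bytes that are NOT in the range space..tilde.
    unsafe=$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c | tr -d ' ')
    case "$1" in
        ' '*|':'*|'<'*|*' ') unsafe=1 ;;
    esac
    if [ "$unsafe" -gt 0 ]; then
        printf 'dn:: %s\n' "$(printf '%s' "$1" | base64 | tr -d '\n')"
    else
        printf 'dn: %s\n' "$1"
    fi
}

# Emit one modify record per DN given on the command line.
pwreset_ldif() {
    for dn in "$@"; do
        [ -n "$dn" ] || { echo "pwreset_ldif: empty DN" >&2; return 1; }
        ldif_dn_line "$dn"
        # "replace" works whether or not pwdReset is already present.
        printf 'changetype: modify\nreplace: pwdReset\npwdReset: TRUE\n\n'
    done
}

# Typical use, right after the ldappasswd command from the thread:
#   pwreset_ldif "uid=user1,ou=People,dc=example,dc=company" |
#       ldapmodify -x -D "cn=Manager,dc=example,dc=company" -W
```

Piping the output through a pager before handing it to ldapmodify makes it easy to confirm which entries will be flagged.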