2014-08-05 17:56 GMT+02:00 Bram Cymet bcymet@cbnco.com:
I am getting a little further with this.
I have added
pwdLockOut = TRUE pwdMaxFialure = 5 pwdMinLength = 8
Now if I try to log in with the wrong password it add a pwdFailureTime attribute to the user as expected and after 5 I can't bind as that user anymore. Then if I reset the password the user can log in again. So at least something with the policy is working.
When I change the password however it allows passwords with less then 8 characters and pwdReset is still not set on the user's entry.
Any thoughts on what might be happening?
Hi,
1/ Password policy is not applied on password modification if the operation is done with the manager account 2/ Password size or strength is not verified if password is sent in hashed form, you need to send cleartext password to be able to check it 3/ pwdReset is not set to TRUE automatically, you need to set it by hand.
Clément.