2011/6/21 Cyril GROSJEAN <cgrosjean(a)janua.fr>:
I use OpenLDAP 2.4.24 with the following default password policy,
because I want my users to change their password at first connection,
or after a password reset by an administrator:
description: Strategie de gestion des mots de passe par defaut
When creating a user account (either as administrator or any user with
the pwdReset attribute is not set automatically, and thus, the newly created
user can bind
and search without being forced to change his password.
I have to manually set the pwdReset attribute to TRUE in the user entry at
creation time or
after creation to force a password change. Is this normal behaviour ? I
would have expected
to see the pwdReset attribute automatically set (by the ppolicy overlay).
Otherwise, setting pwdMustChange to TRUE in the password policy definition
On the contrary, when the user changes his password, the pwdReset attribute
is automatically removed,
which tends to mean the password policy overlay is called and does something
in this case ..
I think this is the normal behavior. The configuration parameter
pwdMustChange means that pwdReset can be used in a user entry. Else
pwdReset will have no effect.