Hi all,
I've noticed that after a password reset pwdChangedTime gets updated.
This is fine. We do have a policy in place that doesn't let you modify your password again within a few days.
I'd like to reset/change this pwdChangedTime so the user can reset his password himself after logging in with the supplied password. However deleting/modifying pwdChangedTime doesn't work.
How should I resolve this? I'm pretty sure this is not an ACL issue as my user matches the first entry and is allowed to write all.
I've seen some docs from IBM about removing pwdChangedTime being possible but that might not apply to openldap.
Thanks in advance!
Am Wed, 17 Aug 2016 10:46:58 +0200 schrieb "PenguinWhispererThe ." th3penguinwhisperer@gmail.com:
Hi all,
I've noticed that after a password reset pwdChangedTime gets updated.
This is fine. We do have a policy in place that doesn't let you modify your password again within a few days.
I'd like to reset/change this pwdChangedTime so the user can reset his password himself after logging in with the supplied password. However deleting/modifying pwdChangedTime doesn't work.
How should I resolve this? I'm pretty sure this is not an ACL issue as my user matches the first entry and is allowed to write all.
I've seen some docs from IBM about removing pwdChangedTime being possible but that might not apply to openldap.
man slapo-ppolicy(5), read carefully the comments on pwdReset.
-Dieter
openldap-technical@openldap.org