[ApacheDS] How Can I Get Password Policy To Be Enforced With uid=admin,ou=system?

["Pittman, Michael" <mp...@harris.com>]

Hi Guys,

I'm using your implementation of temporary passwords by using the configuration ads-pwdMustChange in my password policy. However, I am running in to issues when I am resetting from a non-temporary password back to a temporary password. The only way I can get the pwdReset flag to be reset is to bind to uid=admin,ou=system and change the password.

The issue I'm having is that when I bind to uid=admin,ou=system, the password policy is bypassed entirely. Meaning I cannot enforce password validation and reuse requirements when I am resetting a temporary password.

Any ideas on how I can get around this?

My initial thoughts are to bind to a normal user and attempt to change the password, then if it is successful I can go in an bind to uid=admin,ou=system and change the password to the same thing I just changed it to before (thus resetting the pwdReset flag). However, I don't want to have to make two requests because if the first request works and the second request fails, then I would have effectively set a non-temporary password when I was trying to set a temporary password.

Thanks,

Michael Pittman
Software Engineer
CRITICAL NETWORKS / HARRIS CORPORATION
Mobile: (863) 517-1910