You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Dariush Behboudi <da...@eximia.it> on 2015/05/22 12:05:33 UTC
Must change password policy
Hi,
I’m trying to force a user (let’s say, USER_A) to change his password when the system admin resets it.
I’m using apache directory studio to make my tests.
I’ve enabled the password policy and when I reset the USER_A password logged as system the pwdReset=TRUE is created for this user.
Now, I create a new connection for USER_A with the new password created by the system user; what I’d expect would be that, connecting with the USER_A profile, the user should be asked to change his password but nothing happens;
the same happens even logging with other ldap clients such as Jxplorer.
All the other password policies (history, min length, account locked and expired) are working as expected.
Am I missing anything?
Best regards,
Dariush
Re: Must change password policy
Posted by Kiran Ayyagari <ka...@apache.org>.
On Fri, May 22, 2015 at 6:05 PM, Dariush Behboudi <
dariush.behboudi@eximia.it> wrote:
> Hi,
> I’m trying to force a user (let’s say, USER_A) to change his password when
> the system admin resets it.
> I’m using apache directory studio to make my tests.
> I’ve enabled the password policy and when I reset the USER_A password
> logged as system the pwdReset=TRUE is created for this user.
> Now, I create a new connection for USER_A with the new password created by
> the system user; what I’d expect would be that, connecting with the USER_A
> profile, the user should be asked to change his password but nothing
> happens;
> the same happens even logging with other ldap clients such as Jxplorer.
> All the other password policies (history, min length, account locked and
> expired) are working as expected.
> Am I missing anything?
>
studio doesn't support any such things, you need to handle theses cases in
whichever client program
you are using in your application. Note that this client program again has
to check the password policy
response control and act according to the hints set by the server in it.
> Best regards,
> Dariush
--
Kiran Ayyagari
http://keydap.com