OpenLDAP Password Expiration with pwdReset=TRUE?
Posted by jsight on Server Fault
Published on 2009-11-25T20:28:31Z
I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work:
- Password lockouts on too many failed attempts
- Password Change required once pwdReset=TRUE added to user entry
- Password Expirations
If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator.
However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently.
Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?
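
An audit for the gap described in the question, as an added example that is not part of the original post: it reads an LDIF export and lists accounts still flagged pwdReset=TRUE whose temporary password is older than a chosen limit. The sample entries, the 3-day limit and the function names are assumptions made for this example.

```python
import base64
from datetime import datetime, timedelta, timezone

# Constructed sample (made-up DNs/times), shaped like: ldapsearch -LLL '(pwdReset=TRUE)' pwdReset pwdChangedTime
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
pwdReset: TRUE
pwdChangedTime: 20091101120000Z

dn: uid=bob,ou=people,dc=example,dc=com
pwdReset: TRUE
pwdChangedTime: 20091124090000Z

dn: uid=carol,ou=people,dc=example,dc=com
pwdChangedTime: 20090101000000Z

dn: uid=dave,ou=people,dc=example,
 dc=com
pwdReset: TRUE
"""

def parse_ldif(text):
    """Yield one {lowercased attr: first value} dict per LDIF entry."""
    for block in text.replace("\n ", "").split("\n\n"):  # unfold continuation lines
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), value.strip())
        if "dn" in entry:
            yield entry

def stale_temp_passwords(ldif, now, max_temp_age):
    """DNs still flagged pwdReset=TRUE whose password is older than max_temp_age."""
    stale = []
    for e in parse_ldif(ldif):
        if e.get("pwdreset", "").upper() != "TRUE":
            continue
        changed = e.get("pwdchangedtime")  # absent: nothing to measure, flag for review
        when = changed and datetime.strptime(changed[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
        if not when or now - when > max_temp_age:
            stale.append(e["dn"])
    return stale

if __name__ == "__main__":  # 2009-11-26 is a constructed "current time"
    print(stale_temp_passwords(SAMPLE_LDIF, datetime(2009, 11, 26, tzinfo=timezone.utc), timedelta(days=3)))
```

Accounts it reports are candidates for an administrator to lock or reissue, since the directory itself is not expiring them.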