On Mon, Feb 13, 2006 at 11:25:27AM -0800, Howard Chu wrote: > Andreas Hasenack wrote: > >How is the pwdMustChange policy supposed to be applied to ldap clients? > >Doesn't this need support in the client? I'm sure ldapsearch(1), for > >example, can't change the userPassword attribute, but it can > >authenticate without problems. So how is this policy going to be > >enforced? > > Try it and see. > ldapsearch -x -D uid=someuser,dc=example,dc=com -w mustchange -b > dc=example,dc=com
That's the thing, it didn't work here (the enforcement). I'll try reconfiguring again.