Sandeep-

I had a similar problem when I first enabled password policy and I traced it down to the fact that existing accounts did not have one of the operational attributes and so OpenLDAP considered the account's password to be expired. I can try to figure out which attribute it was if you would like.

My workaround was to create a password policy which had no password aging and to set all accounts to use that policy.

Hope that helps a bit,
roy

"Sandeep A.S" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
06/27/2006 06:34 AM
Please respond to [EMAIL PROTECTED]
To [EMAIL PROTECTED]
cc [email protected]
Subject Re: ppolicy asking for password change

I am able to rectify this issue by creating the account again. This problem happens only to the accounts which exist before adding the ppolicy directive. And it is not happening to the account which I created later. As a workaround I deleted all the accounts and created them again. I got this point after searching the archives.

Thanks a lot
Sandeep

Sandeep A.S wrote:
> Hi
>
> I am using openldap version 2-3-24.
> I made the ppolicy overlay enabled
>
> Whenever a user logs in it asks to change the password.
>
> After changing the password also, next time login, it asks to change the password with the error password aged.
> The following is my standard policy:
> dn: cn=Standard Policy,ou=Policies,dc=nc,dc=com
> objectClass: top
> objectClass: device
> objectClass: pwdPolicy
> cn: Standard Policy
> pwdAttribute: userPassword
> pwdMaxFailure: 3
> pwdInHistory: 3
> pwdMinLength: 6
> pwdExpireWarning: 259200
> pwdAllowUserChange: TRUE
> pwdFailureCountInterval: 300
> pwdGraceAuthNLimit: 1
> pwdLockoutDuration: 300
> pwdMustChange: FALSE
> pwdCheckQuality: 1
> pwdMaxAge: 10368000
>
> my slapd.conf is below:
>
> <snipped>
> database bdb
> overlay ppolicy
> ppolicy_default "cn=Standard Policy,ou=Policies,dc=nc,dc=com"
> ppolicy_use_lockout
>
> Any pointer to troubleshoot this issue ?
> -Thanks
> Sandeep
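
An added example, not part of the thread: a small Python audit that reads an LDIF export containing operational attributes and sorts password-bearing accounts by whether `pwdChangedTime` is absent, older than the policy's `pwdMaxAge`, or current. The thread never identifies which operational attribute was missing, so checking `pwdChangedTime` (the attribute ppolicy records when a password is changed) is an assumption, and the entries and timestamps below are constructed.

```python
from datetime import datetime, timedelta, timezone

PWD_MAX_AGE = 10368000  # pwdMaxAge from the policy quoted in the thread (seconds)
NOW = datetime(2006, 6, 27, tzinfo=timezone.utc)  # fixed so the result is repeatable
# Constructed sample of an LDIF export that includes operational attributes.
SAMPLE_LDIF = """\
dn: uid=old1,ou=People,dc=nc,dc=com
userPassword:: Y29uc3RydWN0ZWQ=

dn: uid=new1,ou=People,dc=nc,dc=com
userPassword:: Y29uc3RydWN0ZWQ=
pwdChangedTime: 20060620101500Z

dn: uid=stale,ou=People,dc=nc,dc=com
userPassword:: Y29uc3RydWN0ZWQ=
pwdChangedTime: 20060101000000Z
"""

def parse_ldif(text):
    """Minimal LDIF reader: unfold continuation lines, split on blank lines."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.lower(), []).append(value.lstrip(": "))
        entries.append(entry)
    return entries

def audit(entries, max_age=PWD_MAX_AGE, now=NOW):
    """Sort password-bearing accounts by the state of pwdChangedTime."""
    report = {"missing": [], "expired": [], "ok": []}
    for entry in entries:
        if "userpassword" not in entry:
            continue
        changed = entry.get("pwdchangedtime")
        if not changed:
            report["missing"].append(entry["dn"][0])
            continue
        stamp = changed[0].split(".")[0].rstrip("Z")  # drop fraction and Z suffix
        when = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
        aged = max_age > 0 and now - when > timedelta(seconds=max_age)  # 0 = no aging
        report["expired" if aged else "ok"].append(entry["dn"][0])
    return report

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

The input has to come from a search that requests operational attributes (for example by adding `+` to the `ldapsearch` attribute list), since they are not returned by default.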
