Thanks for that good pointer, Dieter. Although it will force the user to change his password, I'm not sure this will do the trick in our case. We have a custom passwd script that keeps both LDAP and NIS in sync. With the above, I believe the NIS password won't be updated.

So is there a way to actually update the pwdChangedTime? (Even out of pure curiosity)

Thanks

On Aug 17, 2016 11:38, "Dieter Klünter" <die...@dkluenter.de> wrote:

On Wed, 17 Aug 2016 10:46:58 +0200, "PenguinWhispererThe ." <th3penguinwhispe...@gmail.com> wrote:

> Hi all,
>
> I've noticed that after a password reset pwdChangedTime gets updated.
>
> This is fine. We do have a policy in place that doesn't let you
> modify your password again within a few days.
>
> I'd like to reset/change this pwdChangedTime so the user can reset his
> password himself after logging in with the supplied password. However,
> deleting/modifying pwdChangedTime doesn't work.
>
> How should I resolve this?
> I'm pretty sure this is not an ACL issue as my user matches the first
> entry and is allowed to write all.
>
> I've seen some docs from IBM about removing pwdChangedTime being
> possible but that might not apply to OpenLDAP.
>

man slapo-ppolicy(5), read carefully the comments on pwdReset.

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E