https://fedorahosted.org/389/ticket/47492
https://fedorahosted.org/389/attachment/ticket/47492/0001-Ticket-47492-PassSync-removes-User-must-change-passw.patch Bug description: Windows Sync sends password modify even if it is from PassSync originated on AD. The modify updates the pwdLastSet attribute value to non-zero value. The value 0 indicates the pass- word must change at next logon on AD. Fix description: Before sending the password modify, check whether the current pwdLastSet value is 0 or not. If it is 0 (means the password must change), reset pwdLastSet value to 0 along with the password modify. This operation replaces the password on AD, but the password still must change at next logon. Note: If "password must change at next logon" on the both DS and AD, the password needs to be changed by the user on the both servers to enable it on each. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
