On Thu, Jan 22, 2015 at 4:44 AM, David Paulsen <[email protected]> wrote:
> > > Hi Kiran, it's working now. What happened is that in my password > policy, > > > I had changed ads-pwdallowuserchange=TRUE, but I hadn't restarted > the > > > LDAP server, and apparently password policy changes don't take > effect > > > until the server is restarted. > > > > > ah! > > > > > > > > Once I restarted, I could change the password when connected as the > user > > > I'm changing the password for. And, if I attempt to change the > password > > > before the pwdMinAge expires, I get a code = 19 "password is too > young > > > to update" error as expected. All good. > > > > > > Is there any way around requiring a restart of the server to have > > > password policy settings take effect? This would be a major issue > for us > > > > > not yet, I have been sitting on this idea for far too long, but the > effort > > stopped > > midway > > > > > because we create/change password policy configurations often (we > > > maintain password policies per customer). > > > > > > > > Thank you for your help! > > > > > > > > > > > > > > > Is there a way to formally request the enhancement to not require a > there was one filed a while ago https://issues.apache.org/jira/browse/DIRSERVER-1809 > restart, or is it already on your radar and you'll get to it when you > can? We are very eager to get this capability added. > -- Kiran Ayyagari http://keydap.com
