Hugo Etievant wrote:
If i use ldapmodify command, some change of password policy's "User
may change password" attribute is used immedialety without ldap deamon
but if y use ldappassword, i have to restart ldap deamon !!!
why this difference ?
Let me see if I understand. After changing the password
policy to "User
may change password":
If you use ldapmodify to change the userPassword attribute, the policy
is in effect immediately without a server restart
If you use ldappasswd to change the user's password, the policy is not
in effect until after a server restart
Is this correct? If so, sounds like a bug - in either case, the change
should take effect immediately.
Rich Megginson a écrit :
> Hugo Etievant wrote:
>> I try to use the global password policy in order to forbid the
>> change of user password.
>> I put the field "User may change password" unchecked with console.
>> But normal users can change their own password with
>> /usr/lib/mozldap/ldappasswd command :
>> # /usr/lib/mozldap/ldappasswd -P /etc/dirsrv/slapd-fds1/ -m
>> /etc/dirsrv/slapd-fds1/ -D "uid=user1,ou=People,dc=example,dc=com"
>> -w - -S
>> ldappasswd: password successfully changed
> What if you use ldapmodify to modify the userPassword attribute
> directly - same result?
>> CONCLUSION = All change of the field "User may change password" on
>> Password Policy require a restart of the LDAP daemon !