openLDAP pwdReset pwdMustChange
dfisher at vt.edu
Wed Aug 24 01:51:32 UTC 2022
On Tue, Aug 23, 2022 at 1:31 AM Lipscomb, Gary via users <
users at shibboleth.net> wrote:
> Has anyone done this?
It appears you're attempting to use
for your password policy implementation.
> - idp.authn.LDAP.usePasswordPolicy = true
This is the property you want set to true to enable this feature.
> - idp.authn.LDAP.usePasswordExpiration = true
This property enables a different type of password policy implementation (
Set it to false.
Assuming you've configured the ppolicy overlay correctly in OpenLDAP....
Your IDP should signal a warning type of AuthnEventIds.ACCOUNT_WARNING
when a password warning is returned from an LDAP authentication. And an
error type of AuthnEventIds.ACCOUNT_ERROR when a password error is returned.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users