openLDAP pwdReset pwdMustChange
Daniel Fisher
dfisher at vt.edu
Wed Aug 24 18:27:52 UTC 2022
On Wed, Aug 24, 2022 at 12:34 AM Lipscomb, Gary via users <
users at shibboleth.net> wrote:
> Thanks Dan,
>
>
>
> We already have that set and password expiration works. We get a warning
> displayed from 10 days prior to password expiration.
>
> It’s just adding the additional pwdReset and pwdMustChange don’t do
> anything using SSO but work with ldapsearch CLI.
>
Try adding CHANGE_AFTER_RESET to the ExpiredPassword entry of
shibboleth.authn.Password.ClassifiedMessageMap.
(Assuming you want to treat this condition as an expired password.)
I *think* that will fire an expired password warning event, but it's not
something I've tried before.
--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220824/827ae432/attachment.htm>
More information about the users
mailing list