openLDAP pwdReset pwdMustChange

Daniel Fisher dfisher at
Wed Aug 24 18:27:52 UTC 2022

On Wed, Aug 24, 2022 at 12:34 AM Lipscomb, Gary via users <
users at> wrote:

> Thanks Dan,
> We already have that set and password expiration works. We get a warning
> displayed from 10 days prior to password expiration.
> It’s just adding the additional pwdReset and pwdMustChange don’t do
> anything using SSO but work with ldapsearch CLI.

Try adding CHANGE_AFTER_RESET to the ExpiredPassword entry of
(Assuming you want to treat this condition as an expired password.)
I *think* that will fire an expired password warning event, but it's not
something I've tried before.

--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list