Hello, I try to use the global password policy in order to forbid the change of user password. I put the field "User may change password" unchecked with console. But normal users can change their own password with /usr/lib/mozldap/ldappasswd command : # /usr/lib/mozldap/ldappasswd -P /etc/dirsrv/slapd-fds1/ -m /etc/dirsrv/slapd-fds1/ -D "uid=user1,ou=People,dc=example,dc=com" -w - -S New Password: Re-enter new Password: Enter bind password: ldappasswd: password successfully changed a command-line verification into cn=config entree of DIT show the passwordChange attribut value as "Off" : # /usr/lib/mozldap/ldapsearch -s base -b "cn=config" -D "cn=Directory Manager" -w - "(cn=config)" passwordChange Enter bind password: version: 1 dn: cn=config passwordChange: off I have created local password policy for my "ou=People" subtree and for my user "User1", but user can change their own password !!!!!! If i restart the dirsrv service on system, this item of policy is used. CONCLUSION = All change of the field "User may change password" on Password Policy require a restart of the LDAP daemon ! -- * Hugo ?ti?vant *
