Hugo Etievant wrote:
> Hello,
>
> I try to use the global password policy in order to forbid the change
> of user password.
>
> I put the field "User may change password" unchecked with console.
>
> But normal users can change their own password with
> /usr/lib/mozldap/ldappasswd command :
> # /usr/lib/mozldap/ldappasswd -P /etc/dirsrv/slapd-fds1/ -m
> /etc/dirsrv/slapd-fds1/ -D "uid=user1,ou=People,dc=example,dc=com" -w
> - -S
> New Password:
> Re-enter new Password:
> Enter bind password:
> ldappasswd: password successfully changed

What if you use ldapmodify to modify the userPassword attribute directly - same result?

>
> a command-line verification into cn=config entry of DIT shows the
> passwordChange attribute value as "Off" :
> # /usr/lib/mozldap/ldapsearch -s base -b "cn=config" -D "cn=Directory
> Manager" -w - "(cn=config)" passwordChange
> Enter bind password:
> version: 1
> dn: cn=config
> passwordChange: off
>
>
> I have created local password policy for my "ou=People" subtree and
> for my user "User1", but user can change their own password !!!!!!
> If I restart the dirsrv service on system, this item of policy is used.
>
>
> CONCLUSION = All change of the field "User may change password" on
> Password Policy require a restart of the LDAP daemon !