Hugo Etievant wrote: > hello, > > If i use ldapmodify command, some change of password policy's "User > may change password" attribute is used immedialety without ldap deamon > restart, > but if y use ldappassword, i have to restart ldap deamon !!! > > why this difference ? Let me see if I understand. After changing the password policy to "User may change password": If you use ldapmodify to change the userPassword attribute, the policy is in effect immediately without a server restart If you use ldappasswd to change the user's password, the policy is not in effect until after a server restart Is this correct? If so, sounds like a bug - in either case, the change should take effect immediately. > > > Rich Megginson a ?crit : >> Hugo Etievant wrote: >>> Hello, >>> >>> I try to use the global password policy in order to forbid the >>> change of user password. >>> >>> I put the field "User may change password" unchecked with console. >>> >>> But normal users can change their own password with >>> /usr/lib/mozldap/ldappasswd command : >>> # /usr/lib/mozldap/ldappasswd -P /etc/dirsrv/slapd-fds1/ -m >>> /etc/dirsrv/slapd-fds1/ -D "uid=user1,ou=People,dc=example,dc=com" >>> -w - -S >>> ldappasswd: password successfully changed >> What if you use ldapmodify to modify the userPassword attribute >> directly - same result? >>> CONCLUSION = All change of the field "User may change password" on >>> Password Policy require a restart of the LDAP daemon ! >
