Hi,

We are seeing some odd behaviour with 389 compared to what the diagram below suggests (from the RHDS documentation):

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Deployment_Guide/images/pwdpolicy.png

We have a user with an expired password and no grace logons; that user is unable to change their own password. On bind they receive "Invalid Credentials 49 Additional Info: password expired!", which is the same as we see when manually trying to change the password (using their account to bind) with ldappasswd.

According to the flow diagram, we should be expecting 389 to basically force change the password, which incidentally works fine when the passwordexpirytime attribute is set to epoch but not when it is any other value.

My question is basically: how should we expect this to work, and how should a user with an expired password be able to change their password without admin assistance?

Thanks
James