You can force new users and users whose passwords have been reset to change their passwords.
To do this, use the following command:
set password-force-change = true | false;
When a user logs in with a newly reset password, the only operation the user can perform is to change passwords. After the user has changed his or her password, normal operations are restored.
Note: You can use this command only if the client is an LDAP client and it is aware of the Behera password policy request control.
Do not use this feature if you have an application that performs a single bind to the directory for authentication. For these applications users would never be required to change their passwords.
When set password-force-change is set to true, DAP binds are refused because they cannot carry LDAP control information.
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |