Previous Topic: Reactivate a Suspended or Expired Account

Next Topic: Enforce Password Rules When Reactivating an Account

Force Users to Change Passwords after Reactivation

You can force new users and users whose passwords have been reset to change their passwords.

To do this, use the following command:

set password-force-change = true | false;

When a user logs in with a newly reset password, the only operation the user can perform is to change passwords. After the user has changed his or her password, normal operations are restored.

Note: You can use this command only if the client is an LDAP client and it is aware of the Behera password policy request control.

Do not use this feature if you have an application that performs a single bind to the directory for authentication. For these applications users would never be required to change their passwords.

When set password-force-change is set to true, DAP binds are refused because they cannot carry LDAP control information.

More information:

Reactivate a Suspended or Expired Account

Password Commands Requiring an LDAP Client

set password-force-change Command


Copyright © 2009 CA. All rights reserved. Email CA about this topic