The set password-force-change command forces users to change their passwords after their passwords have been reset.
Note: You can use this command only if the client is an LDAP client and it is aware of the Behera password policy request control.
When set password-force-change is set to true any bind by a new user or by a user with a reset password will be checked to see if it includes the Behera password policy control. This control is required so that the DSA can return the password-force-change control back to the client.
DAP binds do not support the Behera controls, which means that a user cannot bind to a DSA if set password-force-change is set to true and the password has been reset or the user's entry has just been created.
CA Directory uses the operational attribute dxPwdMustChange to force password changes.
This command has the following format:
set password-force-change = true | false;
Enables forced password changes. Users are prompted to change their password when they log in using a password that an administrator has changed.
(Default) Disables forced password changes. Users can continue to use a password that was changed by an administrator.
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |