[389-devel] Please review: [389 Project] #47492: PassSync removes User must change password flag on the Windows side

Noriko Hosoi nhosoi at redhat.com
Fri Sep 20 23:25:39 UTC 2013


https://fedorahosted.org/389/ticket/47492

https://fedorahosted.org/389/attachment/ticket/47492/0001-Ticket-47492-PassSync-removes-User-must-change-passw.patch

  Bug description: Windows Sync sends a password modify even if it
  originated from PassSync on AD.  The modify updates the pwdLastSet
  attribute value to a non-zero value.  The value 0 indicates the
  password must change at next logon on AD.

  Fix description: Before sending the password modify, check whether
  the current pwdLastSet value is 0 or not.  If it is 0 (which means
  the password must change), reset the pwdLastSet value to 0 along with
  the password modify.  This operation replaces the password on AD, but
  the password still must change at next logon.

  Note: If "password must change at next logon" is set on both DS and
  AD, the password needs to be changed by the user on both servers to
  enable it on each.
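
The check in the fix description, as an added example that is not part of the original post or of the 389 Directory Server source. The function names, the simplified model of how AD stamps pwdLastSet, and the sample timestamp are assumptions constructed for illustration.

```python
# Added illustration: all names here are hypothetical, not 389 DS code.
MOD_REPLACE = "replace"  # stand-in for the LDAP "replace" modify operation


def encode_unicode_pwd(password: str) -> bytes:
    """AD's unicodePwd takes the password in double quotes, UTF-16LE encoded."""
    return f'"{password}"'.encode("utf-16-le")


def must_change_at_next_logon(ad_entry: dict) -> bool:
    """True when the AD entry's current pwdLastSet value is 0."""
    values = ad_entry.get("pwdLastSet", [])
    return len(values) == 1 and values[0].strip() == b"0"


def build_password_mods(ad_entry: dict, new_password: str) -> list:
    """Build the modify for a password sync, keeping the must-change flag.

    If pwdLastSet is currently 0, a replace of pwdLastSet with 0 is sent
    along with the password so the flag is still set afterwards.
    """
    mods = [(MOD_REPLACE, "unicodePwd", [encode_unicode_pwd(new_password)])]
    if must_change_at_next_logon(ad_entry):
        mods.append((MOD_REPLACE, "pwdLastSet", [b"0"]))
    return mods


def simulate_ad_modify(ad_entry: dict, mods: list,
                       now: bytes = b"130241355390000000") -> dict:
    """Simplified model of AD (assumption): a password replace stamps
    pwdLastSet with a non-zero time; later mods in the list then apply."""
    entry = dict(ad_entry)
    for _op, attr, values in mods:
        if attr == "unicodePwd":
            entry["pwdLastSet"] = [now]  # constructed sample timestamp
        else:
            entry[attr] = list(values)
    return entry


if __name__ == "__main__":
    flagged = {"pwdLastSet": [b"0"]}  # constructed sample AD entry
    password_only = [(MOD_REPLACE, "unicodePwd", [encode_unicode_pwd("N3w-Secret")])]
    print("password only :", simulate_ad_modify(flagged, password_only)["pwdLastSet"])
    with_reset = build_password_mods(flagged, "N3w-Secret")
    print("with reset    :", simulate_ad_modify(flagged, with_reset)["pwdLastSet"])
```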



