Changing the password when the flag "User must change password at next logon" is setted #414
Comments
Hello, our code is:
Means we only rebind as manager if this is set in In your case, the
Thanks for quick reply. If the "User must change password at next logon" flag is not set for the user, but the
It will be changed through the manager account
The problem was solved by modifying the php code of the change.php file from line # 138 and below:
Were you also able to test an account with an expired password? And what about the fact the group policy does not apply when password is changed by user? Is it ok for you to bypass AD policy if the user must reset its password?
Yes, this is a dirty hack. And when the flag "User must change password at next logon" is set, password group policy wouldn't apply when the password is changed, because the password is changed by the manager. But in other cases this should work.
not tested yet
I modified the "change.php" file to make group policies work:
When changing the password, an intermediate step of setting a temporary password is used. This temporarily modifies the "UserAccountControl" and "pwdLastSet" attributes.
change.php
I have the same problem.
There is a feature request to allow changing an expired password: #96. Could you tell us what is working and not working with current code?
Hello,
I have a problem when trying to change the password of an AD user for which the flag "User must change password at next logon" is set.
SSP frontend returns error "Password was refused by the LDAP directory".
According to the logs and to the comment from another issue (#216 (comment)) rebind under the manager account probably does not happen.
Option
$who_change_password = "user";
is required for us because password group policies work only with it.
My environment: Windows Server 2019 with configured LDAPS.
Part of SSP config:
Part of /var/log/apache2/error.log:
error.log
ssp_error.log
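To check from a log which case a failed user bind falls into, here is an added example (not code from Self Service Password or from anyone in this thread). It pulls the Active Directory sub-code out of the bind diagnostic and flags the two states, "must change password" and expired password, in which AD refuses the user bind even with the correct old password, so a change can only proceed through a manager rebind. The sub-code meanings are AD's documented values; the log prefix, DSID and version fields in the sample lines are constructed.

```python
import re

# AD sub-codes carried in the "data NNN" field of a failed simple bind
# (LDAP result 49). AD prints them in hexadecimal.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}
# The old password is correct, but AD still refuses the bind: a change made
# as the user cannot proceed without rebinding with another account.
NEEDS_MANAGER_REBIND = {"532", "773"}

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def classify_bind_failure(line):
    """Return (subcode, meaning, needs_rebind), or None if no AD diagnostic."""
    m = _DATA_RE.search(line)
    if not m:
        return None
    code = m.group(1).lower()
    meaning = AD_BIND_SUBCODES.get(code, "unknown sub-code")
    return code, meaning, code in NEEDS_MANAGER_REBIND

def triage(lines):
    """Classify every line that carries an AD bind diagnostic."""
    return [r for r in map(classify_bind_failure, lines) if r is not None]

# Constructed sample lines, not taken from the attached logs.
SAMPLE_LOG = [
    "[php7:notice] LDAP - Bind user extended_error 80090308: LdapErr: "
    "DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 773, v4563",
    "[php7:notice] LDAP - Bind user extended_error 80090308: LdapErr: "
    "DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 52e, v4563",
    "[php7:notice] LDAP - Modify password error 19 (Constraint violation)",
]

if __name__ == "__main__":
    for code, meaning, rebind in triage(SAMPLE_LOG):
        path = "change needs a manager rebind" if rebind else "plain bind failure"
        print(f"data {code}: {meaning} -> {path}")
```

Lines flagged as needing a manager rebind are the ones where, as the comments above note, the password ends up being set by the manager rather than by the user.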