bind-auth-and-pwdchg
Use the bind-auth-and-pwdchg stanza entry to control whether to force authentication to use the LDAP bind operation and force password change.
bind-auth-and-pwdchg = {yes | no}Description
This option, when set to yes, forces authentication to use the LDAP bind operation rather than the LDAP compare operation. It also forces password change (not reset) to occur on a connection to the LDAP server that is bound as the user being changed. An example of a password change is the use of /pkmspasswd from WebSEAL. If this option is set to yes, then the LDAP server must allow users to change their own password. But in many cases, allowing user to change their own password is not the default behavior. For example, the IBM Security Directory Server requires an ACL to be set in the Directory Information Tree (DIT) for the affected users. Here is example of an ACL that can be inherited, which allows any user to change their own password:
aclEntry: access-id:cn=this:at.userPassword:grant:w
Options
yes Force LDAP bind operation and password change. no Do not force LDAP bind operation and password change.
Usage: Optional
Default value
Default is no.
Example:
bind-auth-and-pwdchg = yesParent topic: [server:<instance>] stanza