On Mon, May 05, 2025 at 07:41:16PM +0200, Stefan Kania wrote: > Hi Ondřej, > > Sorry, that it took me so long to answer, but here is a lot of work to do. > > Now I set pwdSafeModify=FALSE and still passwd cant change the > password if otp is active. So I think I must stay with ldappasswd.
Hi Stefan, if old password is provided in the extended operation, it is still validated, what I was saying is that you also need to persuade passwd not to provide it. That is where I have no ideas whether it's possible or how to make this happen. If you do find out, I assume it will be useful to others. Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
