messanger express fail to change password after ldap update
Hi,
my environment was sunone messaging server 5.2 sp2 with directory server 5.1 sp2 on sparc solaris 2.8. My problem was that I needed to configure the password expiration but I did not receive the email warning to change the password before expiration. So I read that dir. server 5.1 sp4 solves this problem and I have installed it, but after installation no user can change password with sunone messanger express accessing to options->change password. The error message is just "error changing password". Please could you suggest me what I have to check, or what I can do to solve?
thanks and regards,
[626 byte] By [
m_mattaua] at [2007-11-26 22:37:20]
# 1
Hi, I've seen that ds sp4 have modified the acl into directory server, but after the acl restore, the change password via messanger express fails. The ldap error code is 50, but I don't understand where is the "constraint" that does not allow the user to change his own password. Please help.
# 3
Hi, thanks, I have checked the permission of the user and seems to be ok. I've checked acl on directory server tree. Is there any other place where there are limits to the permission of the users?regards
# 4
You might want to test the Directory manually, with ldapmodify. It's possible that webmail is getting in your way. Let's test reality, and see if the problem is indeed in LDAP.
# 5
Hi, thanks for help. The cause of the problem is that I configured the expire password, and now password of messaging server admin users expire!!! How I can avoid this? I mean how I can set expire password for all user but not for messaging server admin users?
# 6
Hi,
That is more of a directory server question, I recommend you ask on that forum instead - providing what expiration policy you added and what the result was, or why not try the manuals?
It should be possible to create a password policy profile which can be applied to certain admin users to stop the expiration - or alternatively you shouldn't enable a global policy but and just a policy to your user/group tree so admin accounts aren't affected.
Regards,
Shane.
