Hi,
is there a way at all, that users (force) change there password of openldap on first login (or after first login manualy)? The password-field is not shown in the ldap-users profil. The option force-change-password in ldap-authentication-setup will ignored at first login. The admin can change the users ldap-password in moodle without problems. If the admin checks the option force-change-password on the user-profil, a error-message was shown: The page for password-changing is not available (or similar).
At the moment we generate a random password and set it in openldap, but we need the ability to then set as force password change for when the user logs on moodle.
Is it possible that php-ldap the barrier is? I found: "Due to PHP LDAP API limitations, changing password as user is not possible. You need to change it as manager." in the ldap-config of self-service-password at http://ltb-project.org/wiki/documentation/self-service-password/0.8/config_ldap.
ideas? workarounds?
thanks - Uwe
Hi Uwe,
the option 'Force password change' is only used if you create your users beforehand using the cli/sync.php script (I have updated the LDAP authentication docs to reflect this, as it wasn't clear before). So if the users are created when they log in for the first time, that setting has no effect at all.
Regarding the way to make the users change their password when they login for the first time, it needs a very particular setup. The reason for that is the limitation you mention of the PHP LDAP API. So you need to use a binding user that has the permissions needed to change other users' passwords. And some LDAP servers require that you also use encrypted connections (LDAP+SSL or LDAP with TLS) for this to work. MS Active Directory is one of those.
Once you have that in place, you can use the 'Use standard page for changing password' setting and set it to 'Yes', so your users can change their passwords directly from Moodle (using the standard password change page). Then you can edit their profile and tick the setting 'Force password change' without problem.
If you can't or don't wont to have such a setup, you could use the LDAP setting 'Password-change URL' and specify an external URL where your users can change their passwords (built by you, or part of an existing solution)
Saludos.
Iñaki.
the option 'Force password change' is only used if you create your users beforehand using the cli/sync.php script (I have updated the LDAP authentication docs to reflect this, as it wasn't clear before). So if the users are created when they log in for the first time, that setting has no effect at all.
Regarding the way to make the users change their password when they login for the first time, it needs a very particular setup. The reason for that is the limitation you mention of the PHP LDAP API. So you need to use a binding user that has the permissions needed to change other users' passwords. And some LDAP servers require that you also use encrypted connections (LDAP+SSL or LDAP with TLS) for this to work. MS Active Directory is one of those.
Once you have that in place, you can use the 'Use standard page for changing password' setting and set it to 'Yes', so your users can change their passwords directly from Moodle (using the standard password change page). Then you can edit their profile and tick the setting 'Force password change' without problem.
If you can't or don't wont to have such a setup, you could use the LDAP setting 'Password-change URL' and specify an external URL where your users can change their passwords (built by you, or part of an existing solution)
Saludos.
Iñaki.