Hello, we have a Moodle instance that we are pulling out of hibernation after not much use.
I've updated it to 3.11.
It uses Microsoft LDAP for authentication for users. That works, I have new users, they can login with their windows passwords. They can change their passwords in Moodle. The change takes effect. So I know the Moodle and LDAP are talking. Other systems talking to LDAP see the new password (Zulip).
The problem I have is that the password is no longer prompting to change? I can see in AD LDAP that they should change at next login. I can see in a Manage Engine report they have the flag set.
In Force change password I have:
Force change password: Yes
Use standard page for changing password: Yes
Password format Plain Text
Password-change URL empty
In LDAP apssword expiry settings I have
Expiry: LDAP Server
Expiry warning maxPwdAge
expiry attribute: pwdlastset
grace logins: no
grace login attribute: empty