I need to develop code for changing a user's password using Spring LDAP once it has been set by an administrator. I am using OpenDS 2.2 as my directory server.
Whenever I change it using my code, it sets an attribute "pwdReset" to true, which means that the password needs to be changed. But changing the password again does not reset this attribute to false. I have managed to get a workaround, which is to explicitly reset "pwdReset" to false from Java code, but this can't be and should not be the correct way to do it.
From what I understood, this is an operational attribute and should not be modified by users, and the way to go is to first authenticate the user and then change the password while the user is still authenticated.
This is where I need help. I would appreciate it if anyone could provide me with sample code to achieve what I have mentioned in the previous paragraph.
The code I am using currently is given below:
ModificationItem item = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", password));
ldapTemplate.modifyAttributes("cn="+userName, new ModificationItem[]{item});
Password Reset in OpenDS (and OpenDJ, the actively developed fork of OpenDS, check opendj.forgerock.org) is an operation which consists of changing the password of a user account when authenticated as another user (typically as cn=Directory Manager). When the authenticated user is changing its own password, it's not a reset, it's a change (note that this is also true when using the ProxiedAuthorization control).
In any case, the pwdReset attribute will be set if the Password Policy is defined to enforce a password change when the password is reset. If you know that passwords will always be changed by an administrative account, then you should not enforce the password change on reset.
Kind regards, Ludovic.
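Added example, not part of the original question or answer: a sketch of the self-service path the answer distinguishes from a reset, where the code binds as the user and then modifies that user's own userPassword. The class name, the `peopleBase` parameter and the assumption that the ContextSource is configured without a base DN are hypothetical; only standard Spring LDAP 2.x and JNDI calls are used.

```java
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.support.LdapNameBuilder;
import org.springframework.ldap.support.LdapUtils;

public class SelfServicePasswordChange {

    // Assumption: the ContextSource has no base DN, so every DN used here is absolute.
    private final ContextSource contextSource;
    // Placeholder for the container of user entries, e.g. "ou=people,dc=example,dc=com".
    private final String peopleBase;

    public SelfServicePasswordChange(ContextSource contextSource, String peopleBase) {
        this.contextSource = contextSource;
        this.peopleBase = peopleBase;
    }

    public void changeOwnPassword(String userName, String currentPassword, String newPassword) {
        // LdapNameBuilder escapes special characters in userName,
        // which plain concatenation ("cn=" + userName) does not.
        Name userDn = LdapNameBuilder.newInstance(peopleBase).add("cn", userName).build();

        // Bind as the user rather than as the administrative account, so the
        // directory sees the user changing its own password (a change, not a reset).
        // A wrong current password surfaces here as an AuthenticationException.
        DirContext ctx = contextSource.getContext(userDn.toString(), currentPassword);
        try {
            ModificationItem item = new ModificationItem(
                    DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("userPassword", newPassword));
            ctx.modifyAttributes(userDn, new ModificationItem[] { item });
        } catch (NamingException e) {
            // Translate the checked JNDI exception into Spring LDAP's unchecked hierarchy.
            throw LdapUtils.convertLdapException(e);
        } finally {
            LdapUtils.closeContext(ctx);
        }
    }
}
```

Both passwords travel in the bind and modify requests, so the ContextSource URL should point at an ldaps:// or StartTLS-protected listener.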