!!! Overview
The set password-force-change [DXServer Command] forces users to change their passwords after their passwords have been reset.

[{$pagename}] is an implementation of [Password MUST Change] condition.

Note: You can use this command only if the client is an [LDAP] client utilizes [Draft-behera-ldap-password-policy] [PasswordPolicyRequest] [Supported Control].

When set password-force-change is set to true any bind by a new user or by a user with a reset password will be checked to see if it includes the [PasswordPolicyRequest] control. This control is required so that the DSA can return the password-force-change control back to the client.

DAP binds do not support the [Draft-behera-ldap-password-policy] controls, which means that a user cannot bind to a DSA if set password-force-change is set to true and the password has been reset or the user's entry has just been created.

CA Directory uses the operational attribute [{$pagename}] to force password changes.

This command has the following format:
{{{
set password-force-change = true | false;
}}}
* true - Enables forced password changes. Users are prompted to change their password when they log in using a password that an administrator has changed.
* false - (Default) Disables forced password changes. Users can continue to use a password that was changed by an administrator.


!! Attribute Definition
The [{$pagename}] [AttributeTypes] is defined as:
* [OID] of [1.3.6.1.4.1.3327.6.20] 
* NAME: [{$pagename}]
* DESC: 
* [EQUALITY]: []
* [ORDERING]: []
* SYNTAX: [Boolean]
* [SINGLE-VALUE]
* [NO-USER-MODIFICATION]
* USAGE [UserApplications]



!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]