OpenAM documentation Configuring Password Reset describes the feature "Force Change Password on Next Login":
"When enabled, the user must change her password next time she logs in after OpenAM resets her password."
- End user opens the reset password page (/openam/password)
- End user inputs user ID and answers the secret questions
- A new password is created, stored in LDAP and send by E-Mail to the user (as far, everything is fine...)
- If option "Force Change Password on Next Login" is selected, LDAP attribute "iplanet-am-user-password-reset-force-reset" should be set to "true"
- During next login this additional LDAP attribute has to be checked by the authentication module
- If LDAP attribute value "iplanet-am-user-password-reset-force-reset = true", user must change password during authentication process
This feature is currently not implemented:
- LDAP attribute "iplanet-am-user-password-reset-force-reset" is included in the OpenAM schema extensions (e.g. for AD-LDS)
- LDAP attribute is not written during password reset
- LDAP attribute is not checked in the following authentication modules: Data-Store, LDAP, AD