by Iñaki Arenaza.
Hi Uwe,
the option 'Force password change' is only used if you create your users beforehand using the cli/sync.php script (I have updated the LDAP authentication docs to reflect this, as it wasn't clear before). So if the users are created when they log in for the first time, that setting has no effect at all.
Regarding the way to make the users change their password when they log in for the first time, it needs a very particular setup. The reason for that is the limitation you mention of the PHP LDAP API. So you need to use a binding user that has the permissions needed to change other users' passwords. And some LDAP servers require that you also use encrypted connections (LDAP+SSL or LDAP with TLS) for this to work. MS Active Directory is one of those.
Once you have that in place, you can use the 'Use standard page for changing password' setting and set it to 'Yes', so your users can change their passwords directly from Moodle (using the standard password change page). Then you can edit their profile and tick the setting 'Force password change' without problem.
If you can't or don't want to have such a setup, you could use the LDAP setting 'Password-change URL' and specify an external URL where your users can change their passwords (built by you, or part of an existing solution).
Saludos.
Iñaki.
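
The setup described in this post, sketched with the PHP LDAP API as an added example (not Moodle's code and not written by the post's author): a privileged binding account changes another user's password on Active Directory, and the change is refused unless the connection is encrypted. The host, DNs, environment variable names and the function names `ad_encode_password` and `ad_reset_password` are assumptions made for illustration; the `mbstring` and `ldap` extensions are required.

```php
<?php
// Added example. All hosts, DNs and variable names below are constructed placeholders.

/** Encode a password as AD's unicodePwd attribute expects it: double-quoted, UTF-16LE. */
function ad_encode_password(string $plain): string {
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

/**
 * Set a new password for $userdn while bound as a privileged service account.
 * Stops before binding unless the connection is encrypted (ldaps:// or StartTLS).
 */
function ad_reset_password(string $uri, string $binddn, string $bindpw,
                           string $userdn, string $newpw): void {
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // ldaps:// is encrypted from the start; plain ldap:// must upgrade with StartTLS.
    if (stripos($uri, 'ldaps://') !== 0 && !@ldap_start_tls($ds)) {
        throw new RuntimeException('StartTLS failed: ' . ldap_error($ds));
    }
    // The binding user needs the right to change other users' passwords.
    if (!@ldap_bind($ds, $binddn, $bindpw)) {
        throw new RuntimeException('Bind failed: ' . ldap_error($ds));
    }
    $ok  = @ldap_mod_replace($ds, $userdn, ['unicodePwd' => [ad_encode_password($newpw)]]);
    $err = ldap_error($ds);
    ldap_unbind($ds);
    if (!$ok) {
        throw new RuntimeException("Password change failed: $err");
    }
}

// Run only when invoked as: php reset.php run  (secrets come from the environment).
if (PHP_SAPI === 'cli' && ($argv[1] ?? '') === 'run') {
    ad_reset_password(
        'ldaps://dc.example.test',                       // placeholder host
        'CN=moodle-bind,OU=Service,DC=example,DC=test',  // placeholder binding user
        (string) getenv('LDAP_BIND_PW'),
        'CN=Test User,OU=People,DC=example,DC=test',     // placeholder target user
        (string) getenv('NEW_USER_PW')
    );
    echo "Password changed\n";
}
```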