We are using Content Web Services to reset passwords of users. To be more precise, we use the UpdatePassword method provided by the MemberService (SOAP implementation). In Content Server 16.2 we see a change in behavior. Our password reset software uses a privileged account (Content Server account with "User administration rights") to reset the password on behalf of a given user. This triggers the OTDS to set in the user account the flag "require password change on reset", which it was set to "do not require passwrd reset on change before". As a reset, when a user resets his password, he is asked to reset the password again when he wants to login into Content Server.
This only happens when we use a privileged account to perform the reset, it does work when we authenticate in the web services with the user itself. But this is not what we want, because if a new user needs to perform a password reset or the password is not known anymore, the person cannot authenticate, hence the use of a privileged account to perform the operation.
Is there a setting in OTDS to prevent the change "require password change on reset" when we perform the password reset via webservices? Or is there a setting in Content Server?
Best regards,
Martin
