Nothing yet but if you track 'userPassword' at attribute... It will help.

Thanks for the reply, Mohib. Do you know how I will be able to track that attribute using log viewer? We need to know if the users change their passwords without our permissions.

Based on this issue, I'm not sure where the password change is originating. Is it via SCIM? Is it via the oxTrust admin UI? Is it via an authentication script (i.e. change your password after a certain amount of time). Please provide more details.

Hi Michael, Thanks for bringing this up, I'm sorry if I was not detailed enough. This would be coming from the oxTrust admin UI, we won't allow users to register/change password on their own. How can I log it?

Hi Karl, You can grab password changing log from ldap audit log. Here is what comes when we change some user's password from oxTrust admin panel: ``` # 11/Mar/2017:13:04:02 +0000; conn=86; op=1 dn: inum=@!A578.3242.DCA8.432A!0001!1DF4.0E33!0000!09F4.48D0,ou=people,o=@!A578.3242.DCA8.432A!0001!1DF4.0E33,o=gluu changetype: modify replace: oxTrustEmail oxTrustEmail: {"operation":null,"value":"foobar@gluu.org","display":"foobar@gluu.org","primary":true,"reference":null,"type":"other"} - replace: userPassword userPassword: {SSHA512}fQo..............Y1AwqNBIIIIIIIIIIIIIIIIIII - replace: objectClass objectClass: gluuPerson objectClass: eduPerson objectClass: inetOrgPerson objectClass: ox-A5783242DCA8432A00011DF40E33 objectClass: top - replace: pwdChangedTime pwdChangedTime: 20170311130402.196Z - replace: modifiersName modifiersName: cn=Directory Manager,cn=Root DNs,cn=config - replace: modifyTimestamp modifyTimestamp: 20170311130402Z ```

Thanks!