I am working on rolling out a password policy that enforces case sensitivity on a subset of our users on 8.8SP7. Everything seems to be working, but I wanted to verify a quirk and get some information on mitigating customer risk.

Based on this KB article, https://www.netiq.com/documentation/...a.html#brvxgqy, the first matching password entered after the policy is in place will be the password case used from that point on. Is this because EDirectory does not store the original case on password set if the policy is not in place? Is there any way to recover the original case?

I would like to prevent any issues of a user accidently entering the wrong case after the policy is in place and needing to reset due to their orignal password no longer working. Is this a valid concern?