OpenLDAP Version: 2.3.5 PPolicy Overlay Version: 1.62
Hm, why are you using 2.3.5 and not 2.3.7?
Problem: PPolicy module determines user password is expired before pwdMaxAge time has elapsed.
** start log trace **
ppolicy_bind: Entry cn=394359285170458054,ou=People,dc=fnfis,dc=com does not have valid pwdChangedTime attribute - assuming password expired
Observation:
PPolicy module doesn't like a null pwdChangedTime attribute.
Correct. This behavior is by design.
Any ideas on what the corrective action might be?
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/