[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PPolicy Overlay - Wrongly expires user password



Shawn McKinney wrote:
OpenLDAP Version: 2.3.5 PPolicy Overlay Version: 1.62

Hm, why are you using 2.3.5 and not 2.3.7?

 Problem: PPolicy module determines user password is expired before
 pwdMaxAge time has elapsed.

 ** start log trace **

 ppolicy_bind: Entry cn=394359285170458054,ou=People,dc=fnfis,dc=com
 does not have valid pwdChangedTime attribute - assuming password
 expired

 Observation:

PPolicy module doesn't like a null pwdChangedTime attribute.

Correct. This behavior is by design.

Any ideas on what the corrective action might be?

Yes, use ldappasswd to reset the password (which will create a valid pwdChangedTime value).


--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/