[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PPolicy Overlay - Wrongly expires user password

To: Shawn McKinney <smmtech2@sbcglobal.net>
Subject: Re: PPolicy Overlay - Wrongly expires user password
From: Howard Chu <hyc@symas.com>
Date: Tue, 04 Oct 2005 07:55:18 -0700
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <20051003212707.58993.qmail@web82005.mail.mud.yahoo.com>
References: <20051003212707.58993.qmail@web82005.mail.mud.yahoo.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050925 SeaMonkey/1.1a

Shawn McKinney wrote:

OpenLDAP Version: 2.3.5 PPolicy Overlay Version: 1.62


Hm, why are you using 2.3.5 and not 2.3.7?

 Problem: PPolicy module determines user password is expired before
 pwdMaxAge time has elapsed.

 ** start log trace **

 ppolicy_bind: Entry cn=394359285170458054,ou=People,dc=fnfis,dc=com
 does not have valid pwdChangedTime attribute - assuming password
 expired

 Observation:
PPolicy module doesn't like a null pwdChangedTime attribute.


Correct. This behavior is by design.

Any ideas on what the corrective action might be?

Yes, use ldappasswd to reset the password (which will create a valid pwdChangedTime value).

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

Follow-Ups:
- Problem Resolved - Re: PPolicy Overlay - Wrongly expires user password
  - From: Shawn McKinney <smmtech2@sbcglobal.net>
- Re: PPolicy Overlay - Wrongly expires user password
  - From: Shawn McKinney <smmtech2@sbcglobal.net>

References:
- PPolicy Overlay - Wrongly expires user password
  - From: Shawn McKinney <smmtech2@sbcglobal.net>

Prev by Date: Re: Backglue + global rwm hang
Next by Date: Re: ldap_add: No such object ldif_record() = 32
Index(es):
- Chronological
- Thread