Tim Vorce wrote:
>I'm using perLDAP to update an LDAP directory. The password policy is
>set to require a password life of 90 days. Unfortunately, my customer
>wants new accounts to be pre-expired. I have the code set to set the
>attribute passwordexpirationtime to a date in the past. It works most
>of the time, but sometimes, the passwordexpirationtime has two values,
>one that I set, and one 90 days out. As near as I can tell, there is
>one value for this attribute while it is under my control, but at some
>point in the future it gets mucked up.
>This is with perLDAP version 1.4, which I thought was pretty robust.
>
>Any suggestions??
>
I can't say that I'm an expert on the password policy manager in the
iPlanet/Netscape LDAP server, but it sure sounds like it is the one
adding the "extra" attribute value. The only other thing I can think of
is that there is an existing value when the account is initially
created, and then you add the new attribute value, instead of "setting"
it. Like, to be sure you set it to exactly what you want, you'd probably
do something like
$entry->setValues("passwordexpirationtime", $oldDate);
or
$entry->{passwordexpirationtime} = [ $oldDate ];
-- Leif
