[email protected] wrote: > Full_Name: Michael Str.der > Version: > OS: > URL: > Submission from: (NULL) (213.240.180.113) > > > If pwdMaxAge is set in a pwdPolicy entry but the user's entry does not contain > pwdChangedTime attribute createTimestamp should be used instead to determine > whether password is expired or not. > > The case above can happen if there are already existing entries with > userPassword and slapo-ppolicy gets installed and activated later. >
No. The spec says for pwdChangedTime "If this attribute does not exist, the password will never expire." Closing this ITS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
