Hi, we're deep into testing the password policy and we came across this situation. Using DS built from the trunk version 1349996
Short description. In the ASN.1 response: When the password is expiring in 60 seconds , the three bytes should be -128, 0, 60 instead they are -128, 1, 60 When 4 grace logins remain, the three bytes should be -128, 1, 4 instead they are -127, 1, 4 We have a user that has the pwdReset = true Attribute AND their password is about to expire. This is the byte[] value returned after 3 consecutive logins, you can see the password expiration working [48, 8, -96, 3, -128, 1, 122, -127, 1, 2] // pw expires in 122 seconds [48, 8, -96, 3, -128, 1, 83, -127, 1, 2] // pw expires in 83 seconds [48, 8, -96, 3, -128, 1, 48, -127, 1, 2] // pw expires in 48 seconds // here's the last case decoded. 48 (30) Skip 8 (8) Length = 8 -96 (160) Continue 3 (3) Length = 3 -128 (128) Warning OK 1 (1) Type 1 <-- ?? This should be error Type 0? Type 1 defines Grace Logins 48 (48) 48 seconds remaining on password <-- expected value but is getting set in grace logins // loop again -127 (129) Error OK 1 (1) length =1 2 (2) Error CHANGE_AFTER_RESET <-- this is what we expect. Here's the same case, after the password expires. The Grace Login also has an Error instead of a warning [48, 8, -96, 3, -127, 1, 4, -127, 1, 2] -127 (129) Error <-- This should be a Warning -128 1 (1) Type 1 = Grace Logins remaining <-- this is the correct warning type 4 (4) 4 logins remaining <-- correct # of logins remaining Thanks!
