michael@stroeder.com wrote:
Full_Name: Michael Str.der Version: OS: URL: Submission from: (NULL) (213.240.180.113)
If pwdMaxAge is set in a pwdPolicy entry but the user's entry does not contain pwdChangedTime attribute createTimestamp should be used instead to determine whether password is expired or not.
The case above can happen if there are already existing entries with userPassword and slapo-ppolicy gets installed and activated later.
No. The spec says for pwdChangedTime "If this attribute does not exist, the password will never expire."
Closing this ITS.