Full_Name: Michael Str.der
Submission from: (NULL) (220.127.116.11)
If pwdMaxAge is set in a pwdPolicy entry but the user's entry does not contain
pwdChangedTime attribute createTimestamp should be used instead to determine
whether password is expired or not.
The case above can happen if there are already existing entries with
userPassword and slapo-ppolicy gets installed and activated later.
No. The spec says for pwdChangedTime "If this attribute does not exist, the
password will never expire."
Closing this ITS.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/