Full_Name: Alexandre LABICHE Version: 2.3.27 OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.120.54.227)

Hello,

draft-behera-ldap-password-policy-xx.txt says:

5.3.2 pwdChangedTime

This attribute specifies the last time the entry's password was changed. This is used by the password expiration policy. If this attribute does not exist, the password will never expire.

And ppolicy.c overlay says contrary

/* * Hmm. No password changed time on the * entry. This is odd - it should have * been provided when the attribute was added. * * However, it's possible that it could be * missing if the DIT was established via * an import process. */ Debug( LDAP_DEBUG_ANY, "ppolicy_bind: Entry %s does not have valid pwdChangedTime attribute - assuming password expired\n", e->e_name.bv_val, 0, 0);

pwExpired = 1;

Regards.

Alexandre LABICHE