Aaron,

I went through both paths.  I tried the "userid" route on the DB and on a client.  Still nothing.  Then, I went back and created a simple inetaccountperson cn with the user password set to the password, still debugging is showing that the ppolicy overlay is being applied.  Is this due to the fact that ppolicy is applied at the userpassword attribute and I still have a userpassword attribute in this account. 

Nothing, it's still giving me invalid credentials on an expired password.

Paul


-----Original Message-----
From: Aaron Richton [mailto:richton@nbcs.rutgers.edu]
Sent: Mon 8/27/2007 5:20 PM
To: Paul J. Pathiakis
Cc: openldap-software@openldap.org
Subject: RE: Syncrepl and proxyAgent password expiration

Something is clearly feeding

> ppolicy_bind: Entry cn=proxyAgent,ou=Profile,dc=eagleaccess,dc=com

to your server. If you're looking to deprecate that and make a new DN
starting "uid=proxyAgent", you're going to have to change everything that
has the old one.

On Mon, 27 Aug 2007, Paul J. Pathiakis wrote:

> Hi,
>
> just as someone was answering the question, I got the second part of it
> by just using the rootdn of the master provider.  (I went back to square
> one and wiped everything on the consumer.)  Now, I'm stuck with a
> "simple" problem of the Solaris 9 clients in my network coming back with
> the Error 49 problem of invalid credentials.  I've created a security
> object for the proxyAgent and I'm trying to initialize its use.
> However, this now has a userid attribute instead of cn.  Is this going
> to cause me any grief?
>
> Thank you,
>
> Paul Pathiakis