Hello,
draft-behera-ldap-password-policy-xx.txt says:
5.3.2 pwdChangedTime
This attribute specifies the last time the entry's password was changed. This is used by the password expiration policy. If this attribute does not exist, the password will never expire.
And ppolicy.c overlay says contrary
/* * Hmm. No password changed time on the * entry. This is odd - it should have * been provided when the attribute was added. * * However, it's possible that it could be * missing if the DIT was established via * an import process. */ Debug( LDAP_DEBUG_ANY, "ppolicy_bind: Entry %s does not have valid pwdChangedTime attribute - assuming password expired\n", e->e_name.bv_val, 0, 0);
pwExpired = 1;
Regards.
Alexandre LABICHE
You should submit this to the ITS.
LABICHE Alexandre wrote:
Hello,
draft-behera-ldap-password-policy-xx.txt says:
5.3.2 pwdChangedTime
This attribute specifies the last time the entry's password was changed. This is used by the password expiration policy. If this attribute does not exist, the password will never expire.
And ppolicy.c overlay says contrary
/* * Hmm. No password changed time on the * entry. This is odd - it should have * been provided when the attribute was
added. * * However, it's possible that it could be * missing if the DIT was established via * an import process. */ Debug( LDAP_DEBUG_ANY, "ppolicy_bind: Entry %s does not have valid pwdChangedTime attribute - assuming password expired\n", e->e_name.bv_val, 0, 0);
pwExpired = 1;
openldap-software@openldap.org