On 10/10/23 16:31, Volodymyr Lisnyi wrote:
Hello Souji,
The attribute might be automatically added if you have defined the
pwdMaxAge in your policy.
we have it in the policy (and it was there before the upgrade from 2.4 to 2.5) dn: cn=passwordDefault,ou=Policies,dc=domain,dc=net ... pwdMaxAge: 31536000
but users don't have pwdEndTime, they have only pwdChangedTime: 20221219200631Z and in case the password expires in a year they also get pwdReset: TRUE
That is why I am not sure how to enable this pwdEndTime operation attribute (because I can not find any flag for "dn: cn=passwordDefault,ou=Policies,dc=domain,dc=net" or "dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config")
In this case it might be just another attribute, which can be used for example for a temp. guest account. In that case, a function to add it to all existing users would be pointless, because it is not designed for that. Why do zou want to use it, does the pwdMaxAge stopped working after the update?
Sorry, I missed that "If this attribute does not exist, then no restriction applies.", so pwdStartTime can be absent without any problems.
No worries.