‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday 5 March 2020 10:10, Dieter Klünter dieter@dkluenter.de wrote:
Am Wed, 04 Mar 2020 13:36:08 +0000 schrieb Manuela Mandache manuela.mandache@protonmail.com:
Hello all, We have a directory running on OpenLDAP 2.4.44 with the ppolicy overlay on the main database. When a new entry with a userPassword defined is created, pwdChangedTime is not defined, so this initial userPassword never expires. The directory has been migrated from its OpenLDAP 2.3.34 instance (yes, we missed some steps...), and there the pwdChangedTime is set, and naturally equal to createTimestamp.
[...] The password attribute value must be set by a password modify exented operation in order to set password policy in effect, see man slapo-ppolicy(5)
-Dieter
Thank you for the answer. It's the change of behavior between OpenLDAP 2.3.34 and 2.4.44 which surprised me.
Regards,
Manuela