Hello Souji,

Ok, I can add it to the user entries, but what I see is that new users also don't have this attribute.

So what is the procedure (also can not find this in the manual) to enable it by default because I can not add it to the new users manually on a regular basis?

Also from docs not clear if both pwdStartTime and pwdEndTime are needed or if I can use only the last pwdEndTime.

On Tue, Oct 10, 2023 at 4:38 PM Souji Thenria <mail@souji-thenria.net> wrote:

On 10/9/23 16:46, Volodymyr Lisnyi wrote:
> So as I see this attribute has no true/false or other flag (it is
> internal scheme attribute), which allows me to add it to
> dn: cn=passwordDefault,ou=Policies,dc=zone,dc=net
> or policy overlay
> olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
>
> os is there any way I can enable it and update existing users with
> pwdEndTime attribute?

Hey

You are not supposed to add this attribute to a policy. Because it is an
operational attribute you need to add it to the user entries.

--
Souji Thenria