as far as I understand you should not be using the shadowAccount
objectClass attributes to get this behaviour but you should be
configuring the password policies instead.
Okay, I have spent a couple hours with DS's password policy and
do not like it. Why are shadowAccount attributes in the schema
and allowed if not to be used? It seems OpenLDAP supports them.
--
- Kyle
---------------------------------------------
kylet(a)panix.com
http://www.panix.com/~kylet
---------------------------------------------