Hi,
I exported some databases into LDIF files (db2ldif) and imported them in DS8.1 freshly
installed.
Then, I went to the "o=" subtree and activated password policy like this
"Users much change their passwords after 1 day".
I took a user in this subtree and changed the password. Normally, I should see a new
attribute "PasswordExpirationTime" but it seems not.
So, as a test, I created a new o= subtree like this: o=TestPwd,dc=test,dc=net
Then, I created a new user inside it: ebobo
After, I activated a password policy, I saw that two entries were created in this subtree
like this:
cn=nSPwPolicyContainer,o=TestPwd,dc=test,dc=net (two entries inside)
"cn=nsPwPolicyEntry,o=TestPwd,dc=test,dc=net" (I can see this attr: passwordexp
on)
"cn=nsPwTemplateEntry,o=TestPwd,dc=test,dc=net"
cn=nsPwPolicy_CoS,o=TestPwd,dc=test,dc=net
I changed ebobo's password and I still doesn't see the new attribute
"PasswordExpirationTime" in "Advanced properties" in the console. If
I check on "Show all Allowd Attributes", I can see this attribute but it
isn't set.
I tried to set the PasswordExpirationTime myself in ebobo's account in this format:
200901011223Z but this account isn't de-activated because of the expiration time, I
can still log-on on some sites with this account.
I took a look in access/error logs and there were not errors, only normal operations. I
can provide it if needed.
I'm wondering if there's any other step to successfully activate the max age
password policy ?
Thank you!
_________________________________________________________________
Got a phone? Get Hotmail & Messenger for mobile!
http://go.microsoft.com/?linkid=9724464