We seem to have something odd going on with our password policy.
I configured global password policy on our LDAPs so that all accounts
under our userRoot subtree expire, then under the subtrees that contain
our service accounts I configured to never expire. But I just noticed
that the accounts under those subtrees actually have expiration date
attributes. I went into one of the accounts and set the password policy
explicitly on that account, but the attribute still shows that it is going
to expire two days from now. So I'm waiting to see what happens in two
days - will the password policy that I set for the subtree/user work, or
will it expire because the attribute is set to make it expire. I'm kind
of confused as to why it would even have that attribute set when the
subtree is set to never expire.
Show replies by thread