[389-users] AD <-> LDAP password expiration sync

Orion Poplawski orion at cora.nwra.com
Thu Jan 3 18:01:45 UTC 2013


On 01/03/2013 08:15 AM, Rich Megginson wrote:
> On 01/02/2013 10:46 AM, Orion Poplawski wrote:
>> Is it possible to synchronize password expiration times between AD and
>> LDAP?  We're just discovering that the AD sync to LDAP doesn't update
>> shadowLastChange which we are currently using on the LDAP side. Should we
>> use a different scheme for password expiration?
>>
>
> It's not possible.  Please file an RFE ticket.

Filed: https://fedorahosted.org/389/ticket/548

However, we're probably going to switch to using the internal 389ds password 
expiration (passwordExpirationTime) which does get updated during the sync. 
Seems like a better and more general solution.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com
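
An added example, not part of the original message or of 389 Directory Server: one way to audit for the drift the thread describes, by comparing the expiry implied by shadowLastChange + shadowMax with passwordExpirationTime for each entry in an LDIF export. The sample entries are constructed, the function names are hypothetical, and the check assumes the 389ds password policy maximum age matches shadowMax.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample LDIF (not from the thread): alice's password change arrived
# via AD sync, so passwordExpirationTime moved but shadowLastChange stayed stale.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
shadowLastChange: 15600
shadowMax: 90
passwordExpirationTime: 20130403180145Z

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
shadowLastChange: 15708
shadowMax: 90
passwordExpirationTime: 20130403000000Z

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
shadowLastChange: 15700
shadowMax: 90
"""

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def parse_ldif(text):
    """Minimal LDIF reader: single-valued, unfolded, non-base64 attributes only."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (l.split(": ", 1) for l in block.splitlines()
                 if ": " in l and not l.startswith("#"))
        entries.append({k.lower(): v.strip() for k, v in pairs})
    return entries

def expiry_drift(entry, tolerance_days=1):
    """Return (uid, shadow_expiry, ds_expiry) when the two schemes disagree, else None."""
    try:
        # shadowLastChange counts days since 1970-01-01; shadowMax is a day count.
        days = int(entry["shadowlastchange"]) + int(entry["shadowmax"])
        ds = datetime.strptime(entry["passwordexpirationtime"], "%Y%m%d%H%M%SZ")
    except (KeyError, ValueError):
        return None  # entry does not carry both schemes; nothing to compare
    shadow = EPOCH + timedelta(days=days)
    ds = ds.replace(tzinfo=timezone.utc)
    if abs(ds - shadow) > timedelta(days=tolerance_days):
        return entry["uid"], shadow.date().isoformat(), ds.date().isoformat()
    return None

def find_drift(ldif_text):
    """List every entry whose shadow-based expiry disagrees with passwordExpirationTime."""
    return [d for d in map(expiry_drift, parse_ldif(ldif_text)) if d]
```

Entries flagged by `find_drift` are the ones where a client enforcing shadow expiry and one enforcing passwordExpirationTime would reach different decisions about the same account.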


