This topic has 4 replies, 2 voices, and was last updated 1 year, 1 month ago by Andy Cory.
-
AuthorPosts
-
May 23, 2017 at 5:53 pm #17452
sixart
ParticipantHi,
if I change the attribute ds-cfg-max-password-age in my password policy, attribute ds-pwp-password-expiration-time change automatically in all entry of my rootDN or this attribute not change??
Regards,
DarioMay 24, 2017 at 9:55 am #17462Ludo
ModeratorThe ds-pwp-password-expiration-time is a virtual, computed attribute and will reflect the time the password is due to expire based on the policy. A change in the policy will be reflected immediately.
May 24, 2017 at 10:08 am #17463sixart
ParticipantHi Ludo,
thanks for the reply.I have OpenDJ 3.0.1 and when installed it I configured ds-cfg-max-password-age with “7889400 s” (3 months).
After that, I updated it with “15778800 s” (6 months), but I noticed that the value ds-pwp-password-expiration-time in many entry didn’t change, or it didn’t change correctly.How can I update/recalculate these values?
Regards,
DarioFebruary 7, 2020 at 4:26 pm #27571dpirvuti
ParticipantI’m in the same situation on DS 6.5
I have a set of users for which passwords expires on Feb 12, 2020 based on a policy defined with max-password-age of 12 w 6 d.
I need to give them a grace period of extra 50 days.
When I go in dsconfig and change the max-password-age value to 21 w 3 d and apply the change, the user ds-pwp-password-expiry-time remains Feb 12, 2020 (as browsed from Apache DS).
Please advise
February 18, 2020 at 6:39 pm #27610Andy Cory
ParticipantJust to be sure this is not some caching or refresh issue with Apache DS, can you confirm the ‘ds-pwp-password-expiry-time’ has not been recalculated by running ‘ldapsearch’? A quick sanity check test on a DS 6.5 instance I’m using for a current project showed the attribute being recalculated correctly when I change the policy. It did show up in Apache DS too, I just had to refresh – if that didn’t work for you an ldapsearch should be a cleaner test. (It’s worth just double-checking the ‘ds-pwp-password-policy-dn’ attribute of your test user though, just to be sure that the password policy that you think applies actually does apply!)
-Andy
-
AuthorPosts
You must be logged in to reply to this topic.