May 23, 2017 at 5:53 pm #17452sixartParticipant
if I change the attribute ds-cfg-max-password-age in my password policy, attribute ds-pwp-password-expiration-time change automatically in all entry of my rootDN or this attribute not change??
DarioMay 24, 2017 at 9:55 am #17462LudoModerator
The ds-pwp-password-expiration-time is a virtual, computed attribute and will reflect the time the password is due to expire based on the policy. A change in the policy will be reflected immediately.May 24, 2017 at 10:08 am #17463sixartParticipant
thanks for the reply.
I have OpenDJ 3.0.1 and when installed it I configured ds-cfg-max-password-age with “7889400 s” (3 months).
After that, I updated it with “15778800 s” (6 months), but I noticed that the value ds-pwp-password-expiration-time in many entry didn’t change, or it didn’t change correctly.
How can I update/recalculate these values?
DarioFebruary 7, 2020 at 4:26 pm #27571dpirvutiParticipant
I’m in the same situation on DS 6.5
I have a set of users for which passwords expires on Feb 12, 2020 based on a policy defined with max-password-age of 12 w 6 d.
I need to give them a grace period of extra 50 days.
When I go in dsconfig and change the max-password-age value to 21 w 3 d and apply the change, the user ds-pwp-password-expiry-time remains Feb 12, 2020 (as browsed from Apache DS).
Please adviseFebruary 18, 2020 at 6:39 pm #27610Andy CoryParticipant
Just to be sure this is not some caching or refresh issue with Apache DS, can you confirm the ‘ds-pwp-password-expiry-time’ has not been recalculated by running ‘ldapsearch’? A quick sanity check test on a DS 6.5 instance I’m using for a current project showed the attribute being recalculated correctly when I change the policy. It did show up in Apache DS too, I just had to refresh – if that didn’t work for you an ldapsearch should be a cleaner test. (It’s worth just double-checking the ‘ds-pwp-password-policy-dn’ attribute of your test user though, just to be sure that the password policy that you think applies actually does apply!)
You must be logged in to reply to this topic.