This topic has 4 replies, 2 voices, and was last updated 7 months, 2 weeks ago by 
-
Posts
-
Hi,
if I change the attribute ds-cfg-max-password-age in my password policy, attribute ds-pwp-password-expiration-time change automatically in all entry of my rootDN or this attribute not change??
Regards,
DarioThe ds-pwp-password-expiration-time is a virtual, computed attribute and will reflect the time the password is due to expire based on the policy. A change in the policy will be reflected immediately.
Hi Ludo,
thanks for the reply.I have OpenDJ 3.0.1 and when installed it I configured ds-cfg-max-password-age with “7889400 s” (3 months).
After that, I updated it with “15778800 s” (6 months), but I noticed that the value ds-pwp-password-expiration-time in many entry didn’t change, or it didn’t change correctly.How can I update/recalculate these values?
Regards,
DarioI’m in the same situation on DS 6.5
I have a set of users for which passwords expires on Feb 12, 2020 based on a policy defined with max-password-age of 12 w 6 d.
I need to give them a grace period of extra 50 days.
When I go in dsconfig and change the max-password-age value to 21 w 3 d and apply the change, the user ds-pwp-password-expiry-time remains Feb 12, 2020 (as browsed from Apache DS).
Please advise
Just to be sure this is not some caching or refresh issue with Apache DS, can you confirm the ‘ds-pwp-password-expiry-time’ has not been recalculated by running ‘ldapsearch’? A quick sanity check test on a DS 6.5 instance I’m using for a current project showed the attribute being recalculated correctly when I change the policy. It did show up in Apache DS too, I just had to refresh – if that didn’t work for you an ldapsearch should be a cleaner test. (It’s worth just double-checking the ‘ds-pwp-password-policy-dn’ attribute of your test user though, just to be sure that the password policy that you think applies actually does apply!)
-Andy
You must be logged in to reply to this topic.
