I have inherited an instance of 389 Directory Server running version 1.2.10.2. I have observed some inconsistency in the server's behavior when I apply a user-level password policy to an account which has not previously had one (either directly via a user-level policy or indirectly via a subtree-level policy). I have applied a basic policy with a 7-day password expiration and 7-day warning period on several accounts. When I did this, some accounts seemed to start the 7-day clock upon a subsequent login, while others seemed to have no observable effect (i.e. the account state warning for a near expiration is not returned after authentication).
Does anyone know what factors could result in this inconsistency in this version? The behavior seems to diverge along account age lines, with older accounts seeming to behave differently than the newer accounts, leading me to wonder if someone previously applied and removed password policies at either the user- or subtree-level in the past, and if so, whether that could potentially lead to the inconsistency I'm observing.
A secondary question: does anyone know if it is possible to see the state of the expiration timer for accounts in this version?
Any information or advice anyone has is appreciated. I can provide more information about the server in question if necessary.
Thanks,
Darren
Darren M. Struthers
Systems Developer
Information & Technology Services
Pacific Lutheran University
Tacoma, WA 98447
Phone: 253.535.7470
Systems Developer
Information & Technology Services
Pacific Lutheran University
Tacoma, WA 98447
Phone: 253.535.7470
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
