3 Replies Latest reply: Jan 24, 2013 7:22 AM by Deprecated

    User password expiration

    Deprecated
      Hello.

      It seems that the passwordExpirationTime LDAP attribute doesn't work at all. I can add it to a user entry but it has no effect, no matter what value it has. Do we have to set any configuration value in order to activate it? Is there any other way to achieve some kind of "user password expiration" feature?

      Thank you very much.
        • 1. Re: User password expiration
          benvanloock-Oracle
          Hi,

          In respect to password aging, the following two enhancement requests are open:

          on Messaging : 12093863: SUNBT4538996 PASSWORD AGING SUPPORT
          on Convergence : 12251399: SUNBT6763009 CONVERGENCE LOGIN SHOULD WARN IF PASSWARD EXPIRES SOON

          The above is also mentioned in the knowledge document:
          Does Messaging Server Or Convergence Support Password Aging Policy ? (Doc ID 1474404.1)

          On 12093863, this feature will be implemented in the messaging patch-28. There is no news available yet from the Convergence side on 12251399.

          Cheers, Ben
          • 2. Re: User password expiration
            cnewman
            Password expiration should work with ODSEE as long as you set up the LDAP password policy subentry correctly to apply to the user entries. See the ODSEE documentation for details on how to administer password policies.

            The problem that the Messaging Server enhancement will resolve is that the error code you get from Messaging Server when the password expires will be a generic authentication failure. Once that enhancement is available, you'll instead get a proper password expired error from the Messaging Server.
            • 3. Re: User password expiration
              Deprecated
              Thank you both very much.

              A super-quick guide would be:

              1.- Create password policy.

              dn: cn=PasswdPolicy,ou=example,o=mydomain.com
              objectClass: top
              objectClass: ldapsubentry
              objectClass: passwordPolicy
              objectClass: sunPwdPolicy
              objectClass: pwdPolicy
              cn: PasswdPolicy
              pwdMaxAge: 864000
              pwdAttribute: userPassword

              864000 seconds = 10 days, as an example.

              2.- Apply policy to the user.

              pwdPolicySubentry: cn=PasswdPolicy,ou=example,o=mydomain.com

              This is the password policy documentation for Sun Directory Server 6.0: http://docs.oracle.com/cd/E19693-01/819-0995/fhkrj/index.html
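
An added example, not code from the thread or from the Oracle documentation: an offline audit in Python that reads LDIF exported from the directory and reports which users' passwords have expired or are about to, using the `pwdMaxAge` of the policy each user's `pwdPolicySubentry` points to. It assumes the server exposes the `pwdChangedTime` operational attribute; the user entries, timestamps and 3-day warning window are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the thread's policy subentry plus hypothetical users.
SAMPLE_LDIF = """\
dn: cn=PasswdPolicy,ou=example,o=mydomain.com
objectClass: pwdPolicy
pwdMaxAge: 864000
pwdAttribute: userPassword

dn: uid=alice,ou=example,o=mydomain.com
pwdPolicySubentry: cn=PasswdPolicy,ou=example,o=mydomain.com
pwdChangedTime: 20130101120000Z

dn: uid=bob,ou=example,o=mydomain.com
pwdPolicySubentry: cn=PasswdPolicy,ou=example,o=mydomain.com
pwdChangedTime: 20130116120000Z

dn: uid=carol,ou=example,o=mydomain.com
pwdChangedTime: 20120101120000Z
"""

def parse_ldif(text):
    """Parse simple LDIF (no folding, no base64) into {lowercased DN: attrs}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs[name.lower()] = value  # last value wins for multi-valued attrs
        entries[attrs["dn"].lower()] = attrs
    return entries

def password_status(entries, now, warn=timedelta(days=3)):
    """Return {user DN: (status, expiry)} for users bound to a policy subentry.

    Users without pwdPolicySubentry are skipped; the server's default
    policy is not modelled here.
    """
    report = {}
    for dn, attrs in entries.items():
        policy = entries.get(attrs.get("pwdpolicysubentry", "").lower())
        if policy is None or "pwdchangedtime" not in attrs:
            continue
        max_age = int(policy.get("pwdmaxage", 0))
        if max_age == 0:  # absent or 0 means the password never expires
            continue
        changed = datetime.strptime(attrs["pwdchangedtime"], "%Y%m%d%H%M%SZ")
        expiry = changed.replace(tzinfo=timezone.utc) + timedelta(seconds=max_age)
        status = "expired" if now >= expiry else "expiring" if expiry - now <= warn else "ok"
        report[dn] = (status, expiry)
    return report
```

Feeding it the output of a directory search that requests `pwdChangedTime` and `pwdPolicySubentry` gives an advance warning list, which matters while the mail front end only reports a generic authentication failure for an expired password.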