I am in the process of creating a web-based mechanism to allow our users to change their password on our new 389-ds server.  I would like to display the date that their password is due to expire, and while Googling around, I see a lot of references to pwdLastSet, but about 95% of the articles are referring to Active Directory.  I don't see pwdLastSet amongst the attributes in my default 389-ds setup.  Is it there, or do I have to add that attribute to every account?

Also, I currently have my pages set up where, when the user logs in, it detects our 'default' password and forces them to change it.  Is there some attribute in their account that I can set that I can key off of and force them to change their password when they login to my site?

Thanks for any tips!
Harry

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine@faa.gov