On 01/03/2013 08:15 AM, Rich Megginson wrote:
> On 01/02/2013 10:46 AM, Orion Poplawski wrote:
>> Is it possible to synchronize password expiration times between AD and
>> LDAP? We're just discovering that the AD sync to LDAP doesn't update
>> shadowLastChange which we are currently using on the LDAP side. Should we
>> use a different scheme for password expiration?
>>
> It's not possible. Please file an RFE ticket.

Filed:
https://fedorahosted.org/389/ticket/548
However, we're probably going to switch to using the internal 389ds password
expiration (passwordExpirationTime) which does get updated during the sync.
Seems like a better and more general solution.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301
http://www.nwra.com
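
An added example, not part of the original message or of 389 Directory Server: a small audit over an LDIF export that compares the expiry implied by shadowLastChange + shadowMax with passwordExpirationTime, to list accounts where the two schemes disagree before switching. The function names and the sample entries are constructed for illustration, and it assumes shadowMax is set to the same maximum age as the directory's password policy.

```python
from datetime import datetime, timedelta, timezone
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample export (not real data). bob's password was changed on the
# AD side, so passwordExpirationTime moved but shadowLastChange did not.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
shadowLastChange: 15706
shadowMax: 90
passwordExpirationTime: 20130401000000Z

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
shadowLastChange: 15646
shadowMax: 90
passwordExpirationTime: 20130401000000Z
"""

def parse_ldif(text):
    """Parse unfolded, single-valued LDIF into a list of dicts (lowercased keys)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                key, value = line.split(": ", 1)
                entry[key.lower()] = value.strip()
        entries.append(entry)
    return entries

def shadow_expiry(entry):
    # shadowLastChange counts days since 1970-01-01; shadowMax is a max age in days.
    return EPOCH + timedelta(days=int(entry["shadowlastchange"]) + int(entry["shadowmax"]))

def ds_expiry(entry):
    # passwordExpirationTime is a GeneralizedTime value in UTC.
    stamp = datetime.strptime(entry["passwordexpirationtime"], "%Y%m%d%H%M%SZ")
    return stamp.replace(tzinfo=timezone.utc)

def find_drift(entries, tolerance_days=1):
    """Return (uid, days) where the two expiry dates differ by more than the tolerance."""
    needed = {"shadowlastchange", "shadowmax", "passwordexpirationtime"}
    drift = []
    for e in entries:
        if needed <= e.keys():
            delta = ds_expiry(e) - shadow_expiry(e)
            if abs(delta) > timedelta(days=tolerance_days):
                drift.append((e["uid"], delta.days))
    return drift
```

A positive day count means the shadow attributes would expire the account earlier than passwordExpirationTime does.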