Is it possible to synchronize password expiration times between AD and LDAP? We're just discovering that the AD sync to LDAP doesn't update shadowLastChange which we are currently using on the LDAP side. Should we use a different scheme for password expiration?
On 01/02/2013 10:46 AM, Orion Poplawski wrote:
> Is it possible to synchronize password expiration times between AD and LDAP? We're just discovering that the AD sync to LDAP doesn't update shadowLastChange which we are currently using on the LDAP side. Should we use a different scheme for password expiration?
It's not possible. Please file an RFE ticket.
On 01/03/2013 08:15 AM, Rich Megginson wrote:
> On 01/02/2013 10:46 AM, Orion Poplawski wrote:
>> Is it possible to synchronize password expiration times between AD and LDAP? We're just discovering that the AD sync to LDAP doesn't update shadowLastChange which we are currently using on the LDAP side. Should we use a different scheme for password expiration?
> It's not possible. Please file an RFE ticket.
Filed: https://fedorahosted.org/389/ticket/548
However, we're probably going to switch to using the internal 389ds password expiration (passwordExpirationTime) which does get updated during the sync. Seems like a better and more general solution.
389-users@lists.fedoraproject.org