Pre-Expire eNovell Directory (LDAP) Password – passwordExpirationTime

eNovell Directory has an attribute called ‘passwordExpirationTime’. When a user changes their password in eDirectory, the system automatically sets the passwordExpirationTime attribute to the system default of 365 days. In one year, the user will be prompted to change the password.

When creating new accounts, the attribute needs to be set to the previous day, e.g. now-1d. So at first login, the user is prompted to change the password.

We tried to set the ‘now-1d’ value in the eDirectory Create Account Provisioning Policy (using the LDAP connector), but the system keeps overwriting the passwordExpirationTime attribute with the default of one year.

I can set the passwordExpirationTime value if I configure it for synchronization, so we know it is not a permissions issue. But the requirement for the attribute is that it is set at account creation only.

I could not find a way to update the account using Workflows.

Does anyone know of a workaround to set the passwordExpirationTime at account creation and not have the system override it?

Hey Faye,
Are you sure IdentityNow is overriding the value? I suspect this is happening at the target system level. Can you try to create a user in the target, put the date as 1 day prior, and see if it supports that?


eDirectory is overwriting the value for sure. We suspect that after account creation the password was set and that triggered the password expiration time to update.
