Overview#EDirectory Password Expiration within eDirectory.
The conditions that control the "Password Expired" mechanism are defined within the Universal Password Policy. The important values within the nspmPasswordPolicy Password Policy are shown below: (showing typical values)
- Number of days before password expires (0-365): 30 Days
- Limit the number of grace logins allowed (0-254): 02 Attempt(s)
- passwordExpirationTime - forward the number of days specified in Password Policy value for the Days Between Forced Changes field (passwordExpirationInterval).
- passwordExpirationInterval - to the value of the Password Policy's passwordExpirationInterval (This is done for non-Universal Password client's backward compatibility)
How EDirectory Password Expiration is performed#Then when the user performs a bind Request the server reads the entry's value for passwordExpirationTime and decides whether the Password Expired.
When using Universal Password Policies then the policy will be enforced such that you cannot extend the passwordExpirationTime beyond what the policy says is valid. You can, however, set the passwordExpirationTime to be earlier than the Universal Password Policy and the password will expire at the earlier time.