<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] has an [OID] of [2.16.840.1.113719.1.1.4.1.68] and is the value when [Password Expiration] occurs. (Not considering [Grace Logins])


The value is set on a user whenever a [Password Modify Operation] happens or whenever a [Edirectory Password Policy] is set for &quot;Number of days before password expires&quot; which will set the [{$pagename}] value on the user.

[{$pagename}] can be set to an &quot;earlier&quot; time than the calculated setting form the [Edirectory Password Policy] and the value will be honored. [{$pagename}] can NOT be se to a later value.

%%warning
When using [EDirectory], to to make the [{$pagename}] effective, you must also Enable [Grace Logins].
%%
Some setting similaer to:
* [loginGraceLimit]: 1
* [loginGraceRemaining]: 0


!! How is the password expiration time calculated when using the [NMAS] [Universal Password]?
The determination of whether a user's [NMAS] [Universal Password] has [expired|Password Expired] is __not__ totally based on using the date and time value for the [{$pagename}] [Attribute Value] for a user.  It is used but is first calculated dynamically on login then compared to it. 

The [Universal Password] [Password Expired] [Algorithm] performs the following calculations: 
* Lookup the [entity]'s associated [Edirectory Password Policy] [PasswordExpirationInterval] [Attribute Value] 
* Examine the [entity]'s [nspmPassword] attribute timestamp ([PwdChangedTime]).
* Add the [PasswordExpirationInterval] to the [nspmPassword] modification timestamp ([PwdChangedTime]) on the [entity].
* If this value less than [{$pagename}] [Attribute Value]?  then the [{$pagename}] value is updated.
* Compare [{$pagename}] value to the current server time to determine if the [Password Expired].

!! [{$pagename}] is calculated
[{$pagename}] is calculated by adding the [passwordExpirationInterval] to the [pwdChangedTime]. 

[{$pagename}] is calculated when there is a [Password Modify Operation] (determined from the [PwdChangedTime]) and and it is recalculated during login if the [passwordExpirationInterval] has been changed to a shorter amount of time or if the [Edirectory Password Policy] has been changed.

!! [Password Reset] and [{$pagename}]
[Edirectory Administrative Password Changes] may affect the values for [{$pagename}].


!! [LDAP] [Attribute] Definition
The [{$pagename}] [AttributeTypes] is defined as:
* [OID] of [2.16.840.1.113719.1.1.4.1.68]
* [NAME|Attribute-Name]: [{$pagename}]
* [DESC]: 
* [OBSOLETE flag] (only if present)
* [Supertype]: 
** (only if present)
* [EQUALITY]: []
* [ORDERING]: []
* [SYNTAX]: [1.3.6.1.4.1.1466.115.121.1.24] [GeneralizedTime]
* [SINGLE-VALUE]
* [NO-USER-MODIFICATION] (only if present)
* [USAGE]: [UserApplications] 
* [Extended Flags]: 
** [X-ORIGIN]: []
** [X-NDS_NAME]: Password Expiration Time
** [X-NDS_NONREMOVABLE]: 1
* Used as [MUST] in:
** 
* Used as [MAY] in:
** [inetOrgPerson]
** [ndsLoginProperties]
** [nspmPasswordAux]
** [Template]



!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [How NMAS calculates and modifies the password expiration time when using the Universal Password|https://support.microfocus.com/kb/doc.php?id=7016942|target='_blank'] - based on information obtained 2020-03-29 
</pre>