Thank you Lukas.
In our environment we only expose ldap read-only consumers and password
changes are done using a custom in-house application in php that is
accessing one of the providers in write mode. When a user changes
password, I found out that slapd will generate pwdChangedTime
On (03/12/15 20:24), Mario Rossi wrote:
>Hi,
>
>We have the need to add password (not account) expiration in ldap and I
>see that sssd supports pwd policies. What's the recommended way of
>achieving password expiration keeping in mind the following:
>
>* currently there are no shadow attributes