Reset Search



KB17423 - Caveats when using LDAP based Password Management functionality through PCS.

« Go Back


Last Modified Date8/1/2015 3:33 PM

This article lists some caveats with password management that exist with an LDAP authentication server instance configured on PCS or PPS devices.

Problem or Goal
  1. Password Management must be enabled at the realm level if the administrator wants to enable password expirations or require a user to change their password at the next log-on.  This setting is enabled by default.
To enable password management go to User Realms > <realm> > Authentication Policy > Password

  1. When using Sun One/iPlanet as an Authentication server and the password policy in iPlanet enforces both “password expiration in X days” and “allow password change after Y days”, if the user's password is reset (or changed) then the user’s profile will have a new password expiration date. However, if the password expiration time frame is changed (for example from 10 days to 20 days), then the user’s profile will still show the old password expiration date. This is a limitation of Sun One/iPlanet.
  2. AD Domain Controllers synchronize security policy settings every 5 minutes. If a change is made to the security policy, for example “minimum password length”, it could take up to 5 minutes before that change propagates to all domain controllers. This also applies to the domain controller that the change was originally performed on.  

Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255