User password changes, LDAP issue when changed
We have IDM 6.0 SP1 configured to use pass-through authentication to LDAP first, then look up in IDM for logins. Our LDAP directory resource is configured using Directory Manager as our user who makes all the changes to LDAP.
We have applications that just use the LDAP directory for their authentication source (but the people are managed by IDM). When a user needs to reset/forgot their password in the system, they use the /user website to change the password. They enter their userid, use the 'forgot your password' button, and must answer their questions correctly to change their password. This changed password is saved in both IDM and LDAP. However, in LDAP the 'passwordexpirationtime' is set to '19700101000000Z', which means the next time they log in using the LDAP directory as their authentication source, they are forced to change the password again.
When an admin person resets their password, this is an expected result, that they must change the password again. However, when the user self-resets their password, we don't want this to happen. So the passwordexpirationtime would be set according to the password time policies on the system.
What needs to be done to accomplish this? Is there a setting in IDM that understands it's the user changing their password, rather than an admin-type person, so the LDAP password is set correctly?
Thanks for the help! Gene

