When we create USERIDs in our main authentication tree we are using IDM
to synchronise the USERIDs and password information to a 2nd tree for
external web authentication behind iChain (being changed at the moment).
The PED expiry date in the Main authentication tree is set to expired and
UP policy kicks in. BUT the PED on the 2nd tree has 90 days added to it
and the password is not expired.
If the user now logs into the desktop all appears as it should - user
is prompted to change their password. If however the user first logs
into a web/iChain resource they are not being prompted to change their
password as they should be. We have UP set up on both trees with the
same policy settings, i.e. password length, 90 days expiry, combination
of characters in password.

Any ideas as to where to start looking for what is adding the 90 days
to the 2nd tree, please?

