I am trying to work out how to evaluate when an IDM eDir users password
has expired (maybe 7 days ago), and use this to trigger an action such
as disable / lock the AD account.

To explain our environment, we have password set and sync going from
eDir to AD one way only. Passwords are set using UserApp.
We don't have a password policy effective in AD, so all users are set
to Never Expire. We use Jobs to notify users of upcoming password
expiry, but of course the jobs are not able to add a custom action such
as disable an account if the password has not been reset before expiry

I've just started looking at Lothar's PWNotify driver but wanted to
check that this is the way to go. I think I might be able to modify one
of the password expiry checks to look at an already passed date, then
trigger the required action.

Any thoughts or ideas would be welcome!


phillipsw's Profile: http://forums.novell.com/member.php?userid=5619
View this thread: http://forums.novell.com/showthread.php?t=453592