I've recently set up IDM 4.0.2 in our test lab and have the
Bi-Directional eDirectory driver set up between my vault and an eDir
tree. I'm able to create/delete/modify user attributes going both ways
but I'm running into something when working with passwords.

Here's the situation I'm in:

I have enabled Universal Password in both the vault and my tree.
In both the vault and the tree the effective Password Policy on the
user has the same settings.

I have the user initiate a password change in the tree and the pw is
properly synced into the vault.

I have the user initiate a password change in the vault and the pw is
synced into the tree. However, the next time the user logs in to the
tree the pw is in an expired state and wants to be changed again.

Here is a link of a lv5 trace of a password change from the vault to
the tree: http://paste.opensuse.org/11449427

I'm I incorrect in thinking that initiating a password change in the
vault should change the pw expiry time in the tree?

pkoochin's Profile: https://forums.netiq.com/member.php?userid=169
View this thread: https://forums.netiq.com/showthread.php?t=2358