Hello all, I have a need to keep the password change interval at XX days
in the identity vault and XX+5 days in the remote tree (so I can't sync
expiration time). This works fine because the password policy in the
remote tree picks up the password change and sets the interval to XX+5.
Problem is, I need to expire the password in the remote tree when the
admin resets it in the IDV. By not synching the password expiration, the
password in the remote tree does not get expired. I already have a rule
that sets an attribute on the user in the IDV if the admin resets the
password - adminReset. I am trying to build a rule that keys on that and
sets the destination attribute of Password Expiration to a time in the
past and then clears the adminReset attribute from the user. I was
hoping to do this on just the IDV side of the driver. See rule below.
Any ideas on this would be great. Thank you.

<rule>
  <description>Set "Admin Expire Password in Remote Tree"</description>
  <conditions><and>
    <if-op-attr name="adminReset" op="available"/>
  </and></conditions>
  <actions>
    <do-set-dest-attr-value name="Password Expiration Time">
      <arg-value type="time">
        <token-text xml:space="preserve">20000101000000Z</token-text>
    </arg-value></do-set-dest-attr-value>
    <do-strip-op-attr name="adminReset"/>
</actions></rule>

