I have some problems with a few user accounts. When they try to bind to
eDirectory using LDAP with an invalid password, their password
expiration date value gets set to the current date & time. This means
that afterwards, they can only log in for the number of times specified
by their grace login count due to their account being expired.

In essence: wrong LDAP password = password expiry date being set to
current date and time, but only for some users

Any ideas what would cause this behavior?

jf_poulin's Profile: https://forums.netiq.com/member.php?userid=10576
View this thread: https://forums.netiq.com/showthread.php?t=54363