No password expiration warning

Dear,
When setting a password with the use of the command passwd -w <days> <username>, the selected user is not being warned about the expiration date when logging in.
However, when using passwd –f <username> it prompts the user at the login for a new password.
Example:
passwd -w 7 extelt
passwd -x 30 extelt
passwd -s extelt
(Command set at 7/6/2011)
So the password expires at 07-07-2011.
Should start warning the user at 30-06-2011.
As explained, there are no warnings given from the 'checkpoint (30-06-2011)'.
What else can i try?
Thanks in advance.
Regards,
Tommy

Did you also upgrade the Password Compatibility to 6?
If so, then all the password attributes will have a prefix of "pwd" instead of "password" so it might break somethings in your application if it is looking for "passwordExpirationTime" or something.
Thanks.

Similar Messages

OID Not send password expiration warning

Hi all,
i have set password policy with the follow attributes:
pwdexpirewarning: 10367998
pwdmaxage: 10368000
When user logon the attribute pwdexpirationwarned is set, but expiration message with error code 9002 is not send.
Solution?
Thanks

which OID version are you using?
--Olaf

Leopard: AD Plugin Doesn't Warn Me When My AD Password Expires?

I just noticed that my Windows PC is informing me that my AD password will expire in days. However, My Leopard Mac which is also bound to the same AD domain is not giving me the password expiration warning. I know that the AD plugin in Tiger (10.4.x) used to warn me about upcoming password change policies etc, but 10.5.1 is not.
Has anyone noticed this behavior?
Also - has anyone had any luck changing their AD password from a 10.5 client using the Accounts Preference Pane? I remember that Tiger was a little buggy sometimes...

Thanks Strontium90!
Turns out that is exactly what happened. I am testing the adpassmon utility now... very cool! I like how it allows you to change you password.
I have had quite a few occasions where users change their passwords at login when their AD password expires... which knocks their keychain out of sync. This tool may just be the ticket.
One again, many thanks!
Ray

Unable to raise password expiry warning exception in OID using JAVA API

Hi,
We are maintaing the user information for our application in OID(9.2). During logon, it is required that a warning is given to the user according to the value set in "Password Expiration Warning" parameter.
A pl/sql program (using DBMS_LDAP/DBMS_LDAP_UTL packages) written to test password expiry raises the PWD_EXPIRE_WARN exception as expected. However we are unable to simulate the same using the JAVA APIs.
We did try some thing like the following:
public class SampleExpire {
public static void main(String argv[])
throws NamingException {
// Create InitialDirContext
InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx( "TCS-UUODC4",
"4032",
"cn=orcladmin",
"welc0me" );
System.out.println("Hello");
// Create User Objects
User myuser = null,
try {
// Create User using a subscriber DN and the User DN
myuser = new User ( ctx,
Util.IDTYPE_DN,
"uid=C100013, ou=People, o=UUSD",
Util.IDTYPE_DN,
"ou=People, o=UUSD",
false );
catch ( UtilException e ) {
* Exception encountered in User object constructor
System.out.println("User creation failed");
// Authenticate User
try {
myuser.authenticateUser(ctx,User.CREDTYPE_PASSWD,"Z100013");
catch ( UtilException e ) {
* Authenticate fails
System.out.println("Authentication failed");
} // End of SampleExpire.java
The authenticate user does not raise any exception.
Am I missing something ?
Regards -
Adhiraj

Hi,
did you manage to solve this problem? Please let me know

Portal Users Passwords expiring

In 9.02 it seems my portal users passwords seem to expire for no reason. When it happens, I have to go in and manually re-set their passwords. Is this a bug or is there some place to control this.

Set the number of seconds before password expiration that the directory server
sends the user a warning. By default the "Password Expiration Warning"
parameter is set to 0, which disables the expiration warning.
Also if the users need to be able to login after the password expiration set
the "Number of Grace Logins after Password Expiration" parameter to a
number greater than 0.
Change these parameters in the following manner:
1. Start the Oracle Directory Manager from the home of the iAS Infrastructure
2. Login as the OID administrator, i.e. orcladmin
3. Click on the + on the left of Password Policy Management
4. Click on your password policy to change the settings on the right pane
5. Set the Password Expiration Warning in seconds i.e. 259200 for 3 days.
6. Set the Number of Grace Logins after Password Expiration to a greater than 0
value i.e. 1. This will add a last opportunity for the user after his/her
password expired.

Windows 7 Expired Password - Recvd Warning prompts but not forced to change password

Our Windows 7 users are prompted when their passwords will expire in 14 Days, however They are not forced to change thier password before it expires. If the users ignore the expiration warning they can only get logged into the network after having the helpdesk
reset thier password.
Is there a way to force Windows 7 users to change thier passwords on the day it expires. Our WinXP users get the 14 day warning and are forced to change thier passwords on day 14.
I have the GPO configured to notifiy users when thier passwords will expire in 14 days
Thank you,
Glen

Hi,
After applying above settings, the user can change the password by default at the expire day. Please create a new domain profile and test the issue on several Windows
7 machines. Can the user be enforced to change password at expire day? If not, please refer to the following steps to collect the information for research.
1. On the DC, open GPMC, right-click Group Policy Results, choose Group Policy Results Wizard, follow the wizard to collect a Group Policy result for problematic
Windows 7 client.
2. On the Windows 7 machine where GPO failed to apply, please perform the following steps to collect log files:
a) Please add the specified registry key to enable group policy log (%windir%\debug\usermode\gpsvc.log), and remove or rename it to disable group policy log after
collecting data. You may need to create the Diagnostics key if it is not there.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Type: DWORD
Value: GPSvcDebugLevel
Data: 0x30002 (hexadecimal)
b) Then on the problematic Win7 machine, run command “gpupdate /force”.
c) Then on the problematic Win7 machine, run command “gpresult /v > gpr_win7.txt”, send me gpr_win7.txt file.
d) On the problematic Win7 machine, run command “eventvwr”, then expand to Applications and service logs -> Microsoft -> windows -> groupPolicy
-> Operational. Right-click on it and click “save event as”. Save the file as .evtx format and send it to me.
e) After that, please send me the above output files. (please zip them first and then send them to me).
- %windir%\debug\usermode\gpsvc.log
- gpr_win7.txt
- win7.evtx
Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the GPMC
result and the zip files, and then give us the download address.
Thanks,
Novak
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

Capturing the Message on the Login Page (Invalid user/password expired etc.

Hi, I have a requirment for capturing the error message on the Login page if the User's Account is expired or Account is Disabled or Invalid credentials, Password Lockout etc.
I am using the attached login page. Can any one please help me out on this.
<html><head><title>AARPLogin Page</title>
<script type="text/javascript" language="JavaScript" xml:space="preserve">
// This function automatically gets called for broswer detection
var isNav4 = false;
var isIE4 = false;
var isNS6 = false;
function obDetectBrowser()
if ( navigator.appVersion.charAt( 0 ) == "4" )
if ( navigator.appName == "Netscape" )
isNav4 = true;
} else {
isIE4 = true;
else
if ( navigator.appVersion.charAt( 0 ) >= 5 )
if ( navigator.appName == "Netscape" )
isNS6 = true;
obDetectBrowser ();
var HOSTNAME =
var COOKIE_OBREQUESTEDURL = "OBREQUESTEDURL";
var COOKIE_OBFORMLOGINCOOKIE = "ObFormLoginCookie";
var NCID_LANDING_PAGE_URL = "/landing/";
var QS_REDIR = "ReDir";
var keyChooser;
function checkPasswordEnterKey( event )
var form = document.forms[0];
if (isNav4 || isNS6) {
keyChooser = event.which ;
} else if (isIE4) {
keyChooser = window.event.keyCode;
if (keyChooser == 13) {
if (
form.userid.value
&& form.userid.value != ""
&& form.password
&& form.password.value != ""
form.submit();
return true;
else
alert('Please enter a UserId and Password');
return false;
function showHidePanel( panelID, displayValue )
var panelElement = document.getElementById( panelID );
if ( displayValue == 'show' )
panelElement.style.display = 'block';
else
panelElement.style.display = 'none';
function getQueryVariable( variable )
var query = window.location.search.substring( 1 );
var vars = query.split( "&" );
for ( var i=0; i < vars.length; i++)
var pair = vars[ i ].split( "=" );
if ( pair[ 0 ] == variable )
return unescape( pair[ 1 ] );
return "";
function Get_Cookie( name )
var nameEQ = name + "=";
var ca = document.cookie.split( ';' );
for( var i=0; i < ca.length; i++ )
var c = ca[ i ];
while ( c.charAt( 0 )==' ' )
c = c.substring( 1, c.length );
if ( c.indexOf( nameEQ ) == 0 )
return c.substring( nameEQ.length, c.length );
return null;
function Set_Cookie( name, value, expires, path, domain, secure)
document.cookie = name + "=" + escape( value ) +
( ( expires ) ? ";expires=" + expires.toGMTString() : "" ) +
( ( path ) ? ";path=" + path : "" ) +
( ( domain ) ? ";domain=" + domain : "" ) +
( ( secure ) ? ";secure" : "" );
function Delete_Cookie( name, path, domain )
if ( Get_Cookie( name ) )
document.cookie = name + "=" +
( (path) ? ";path=" + path : "" ) +
( (domain) ? ";domain=" + domain : "" ) +
";expires=Thu, 01-Jan-1970 00:00:01 GMT";
function lostPassword()
var CurrentLogin = document.forms[0].userid.value;
if ( CurrentLogin == "" ) {
alert ( "Please enter your eMail Address." );
document.forms[0].userid.focus();
else {
Set_Cookie( COOKIE_OBFORMLOGINCOOKIE, "done", 0, "/" );
var LOST_PWD_PAGE = "/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=passwordChallengeResponse&login="+CurrentLogin+"&backUrl=http://oradev2.na.aarp.int/login/login.html&target=top";
window.location = LOST_PWD_PAGE;
function emailPassword()
document.passform.submit();
function onLoad()
if (getQueryVariable( "MSG" ) == 'LOGIN_FAILED' )
alert ("Login Failed, Please try again");
else if (getQueryVariable( "MSG" ) == 'PWD_EXP' )
alert ("Your Password Is About to Expire. Please Change it at your earliest convenience.");
var pwdExpUID = getQueryVariable( "login" );
var hostTarget = getQueryVariable( "hostTarget" );
var resURL = getQueryVariable( "resURL" );
var PWD_EXP_PAGE = "/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login="+pwdExpUID+"&backURL="+hostTarget+resURL+"&target=top";
window.location = PWD_EXP_PAGE;
else if (getQueryVariable( "MSG" ) == 'CHGPWD' )
alert ("You are required to change your password.");
var chgPwdUID = getQueryVariable( "login" );
var hostTarget = getQueryVariable( "hostTarget" );
var resURL = getQueryVariable( "resURL" );
var CHG_PWD_PAGE = "http://"+HOSTNAME+"/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login="+chgPwdUID+"&backURL="+hostTarget+resURL+"&target=top";
window.location = CHG_PWD_PAGE;
</script></head><body onload="onLoad();document.login.userid.focus();" alink="blue" bgcolor="#ffffff" link="blue" vlink="blue">
<p align="center">
<img alt="AARP Header Logo" src="login_files/aarpLogo.gif" border="0" height="91" width="219">
<br>
</p><form name="login" method="post" action="/access/oblix/apps/webgate/bin/webgate.so">
<div class="boldText" align="center">
<h2>Login</h2>
<div class="boldText" align="left">
<div id="LoginFailed" style="display: none;">
<table align="center" bgcolor="#ff0000" border="0" cellpadding="2" cellspacing="0" width="500">
<tbody><tr>
<td>
<table bgcolor="#e5e5e5" border="0" cellpadding="5" cellspacing="0" width="100%">
<tbody><tr bgcolor="#ffffff">
<td rowspan="3" height="40" nowrap="nowrap" valign="top">
<img src="login_files/error.gif" name="error" height="20" width="20">
</td>
<td rowspan="3" align="center">
<p>
<font color="#ff0000" size="-1">
<b>
<div id="TryAgain" style="display: none;">Login Failed! Invalid UserID and/or Password, Please try again.<br></div>
<div id="AccountLocked" style="display: none;">Your Account has been Locked!</div>
</b>
</font>
</p>
<p>
<font color="#ff0000">
<b>For
assistance call E-Services Help Line at (XXX) XXX-XXXX Monday through
Friday between the hours of 8:00 am and 5:00 pm eastern standard time.</b>
</font>
</p>
</td>
</tr>
<tr bgcolor="#ffffff">
</tr><tr bgcolor="#e5e5e5">
</tr></tbody></table>
</td>
</tr>
</tbody></table>
</div>
<br>
</div>
<table border="0" cellpadding="0" cellspacing="0" width="500">
<tbody><tr>
<td background="login_files/border_upper_left.gif" height="20" nowrap="nowrap" width="20"> </td>
<td background="login_files/border_top.gif" height="20" nowrap="nowrap"> </td>
<td background="login_files/border_upper_right.gif" height="20" nowrap="nowrap" width="20"> </td>
</tr>
<tr>
<td background="login_files/border_left.gif" nowrap="nowrap" width="20"> </td>
<td>
<table bgcolor="#ebebce" border="0" cellpadding="2" cellspacing="0" height="100%" width="100%">
<tbody><tr>
<td colspan="3" align="center">
<font color="darkred" face="Arial" size="3">
<b>
</b></font>
<b> </b></td>
</tr>
<tr valign="bottom">
<td colspan="3" width="100%">
<table bgcolor="#ebebce" border="0" cellpadding="5" cellspacing="0" width="100%">
<tbody><tr bgcolor="#e5e5e5">
<td rowspan="2" bgcolor="#ebebce" height="20" nowrap="nowrap" valign="top" width="4%">
<font color="#000000">
<span class="text">
<img src="login_files/arrow.gif" align="top" height="20" width="20">
</span>
</font>
<font color="#000000"> </font>
</td>
<td rowspan="2" bgcolor="#ebebce" width="96%">
<font color="#000000" size="-1">
<span class="text">Please enter your Email and Password. If you are a new user to AARP, please select First Time AARP User.
</span>
</font>
</td>
</tr>
<tr bgcolor="#e5e5e5">
</tr></tbody></table>
</td>
</tr>
<tr valign="bottom">
<td colspan="3">
<table align="center" border="0" width="349">
<tbody><tr>
<td nowrap="nowrap" width="74">
<font color="#000000" size="-1">
<div align="left">eMail:</div>
</font>
</td>
<td width="265">
<input name="userid" value="" size="32" maxlength="32" tabindex="2" type="text">
</td>
</tr>
<tr>
<td>
<font color="#000000" size="-1">
<div align="left">Password:</div>
</font>
</td>
<td>
<p>
<font color="#000000" size="-1">
<input name="password" size="32" maxlength="32" length="30" tabindex="3" type="password">
</font>
</p>
</td>
</tr>
</tbody></table>
</td>
</tr>
<tr>
<td>
<font color="#000000" size="-1">
<p align="center"><b>Forgot Your Password?</b></p>
</font>
</td></tr>
<tr>
<td align="center"> <font color="#000000" size="-1">
Email New Password
</font>
</td></tr>
<tr>
<td colspan="4">
<div class="boldText" align="center">
<br>
<input src="login_files/button_login.gif" name="Submit" value="" alt="login" type="image">
 <b class="boldText"><img src="login_files/button_clear.gif" name="img_clear" alt="clear" border="0" height="25" width="68"></b>
<b class="boldText"><img src="login_files/button_help.gif" name="img_help" alt="help" border="0" height="25" width="68"></b>
<b class="boldText"><img src="login_files/button_cancel.gif" name="img_cancel" alt="cancel" border="0" height="25" width="68"></b>
</div>
</td>
</tr>
</tbody></table>
</td>
<td background="login_files/border_right.gif" nowrap="nowrap" width="20"> </td>
</tr>
<tr>
<td background="login_files/border_lower_left.gif" height="20" nowrap="nowrap" width="20"> </td>
<td background="login_files/border_bottom.gif" height="20" nowrap="nowrap"> </td>
<td background="login_files/border_lower_right.gif" height="20" nowrap="nowrap" width="20"> </td>
</tr>
</tbody></table>
<p></p>
<span class="text"><br><br><b>NOTICE:
This system is the property of AARP and is for authorized use only.
Unauthorized access is a violation of federal and state law. All
software, data transactions, and electronic communications are subject
to monitoring.</b></span>
<div id="hr" style="position: absolute; width: 100%; height: 10px; z-index: 90; top: 657px; left: 10px;">
<hr>
</div>
<div id="footer" style="position: absolute; width: 700px; height: 55px; z-index: 115; top: 678px; left: 50px;">
<span class="subhead">
Privacy Policy
Disclaimer
Contact Us
</span>
<span class="bodytext">
</span></div>
<form name="passform" action="http://oradev2.na.aarp.int/wampassword/passwordReset.html" method="post">
<input name="login" value="" type="hidden">
<input name="backUrl" value="http://oradev2.na.aarp.int/login/login.html" type="hidden">
</form>
<script type="text/javascript" language="JavaScript" xml:space="preserve">
var undefined;
if (
document.login
&& document.login.password
function clearForm()
document.login.reset();
function navigate( linkName )
if ( 'login' == linkName )
if ( document.accountLogin.userID.value != '' && document.login.password.value != '' )
alert('Please click the Account Registration Setup link for now');
//document.location = 'userDataPersonal.htm';
else
alert('Please enter a UserId and Password');
function openHelp()
helpDoc = window.open( "http://www.aarp.org", "", "scrollbars=yes,resizable=yes,width=500,height=300" );
function cancel()
// open dialog
var initX = parseInt( window.screenX ) + parseInt( window.outerWidth ) / 2 - 100;
var initY = parseInt( window.screenY ) + parseInt( window.outerHeight ) / 2 - 50;
cancelDialog = window.open( "./cancelDialog.html", " cancelDialog", "resizable=yes,toolbar=no,menubar=no,width=200,height=150,screenX=" + initX +",screenY=" + initY );
</script>
</div></form></body>
<script type="text/javascript">
</script></html>

Is it not possible that someone fired the password expiration cmd ?
SQL> select limit
2 from   dba_profiles
3 where profile='DEFAULT'
4 and resource_name='PASSWORD_LIFE_TIME';
LIMIT
UNLIMITED
SQL> select profile from dba_users where username='MYUSER';
PROFILE
DEFAULT
SQL> conn myuser/myuser
Connected.
SQL> conn / as sysdba
Connected.
SQL> alter user myuser password expire;
User altered.
SQL> conn myuser/myuser
ERROR:
ORA-28001: the password has expired
Changing password for myuser
New password:
Password unchanged
Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> select name, astatus, TO_CHAR(ctime,'DD-MM-YYYY HH:MI') CTIME, TO_CHAR(ptime,'DD-MM-YYYY HH:MI') PTIME, TO_CHAR(EXPTIME,'DD-MM-YYYY HH:MI') EXPIRE
2 from sys.user$ where name ='MYUSER';
NAME
   ASTATUS CTIME
PTIME
EXPIRE
MYUSER
         1 23-11-2011 11:15
23-11-2011 11:15
23-11-2011 11:17
SQL>Nicolas.

User login fails : password expired

Dear portal-gurus,
We're having an issue with our portal 6.0 SP15 installation. When the administrator creates a new user and that user tries to login, the error message is : password expired (no chance for the user to change / reset / his password, although this setting is enabled in the security tab).
When a user registers himself on the portal login page he can successfully login / change his password / etc.
Any help would be very appreciated !
Thanks in advance,
Stefaan Ovaere

Thanks a lot for this information... BUT...
When I try http://<server>:<port>/index.html UME asks my user to change his password. So that works. However, on the standard login page, the only message is password expired or authorization failed (for new users created by the administrator).
In the security.log file I can find :
#1.5#0014224913690069000000180000126C00040BE085A1BE39#1138958849548#/System/Security/Audit#sap.com/irj#com.sap.security.core.util.SecurityAudit#Guest#0####4bea74c0949711daa2a8001422491369#SAPEngine_Application_Thread[impl:3]_20##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest | LOGIN.ERROR | NONE = null | | Login Method=[default], UserID=[stova], IP Address=[192.168.22.141], Reason=[Access Denied.]#
But I have no clue to what this is related ! Changing the security login policy ( allow change password ) on TRUE or FALSE seems to have no effect.
We do not use LDAP... so we're talking about pure portal users.
Thanks a lot for your help,
Stefaan Ovaere

SYS and SYSTEM user password expired

My 11g2 database on Redhat 5 has sys and system user password expiredSQL> select username,account_status,EXPIRY_DATE
from dba_users where username like 'SYS%';
2
USERNAME                       ACCOUNT_STATUS                   EXPIRY_DA
SYSMAN                         OPEN
SYSTEM                         OPEN                             15-FEB-11
SYS                            OPEN                             15-FEB-11But I can still connect the databsae with t expired password.
Do I need worry about the expiration of these user's password? For a normal user, I connot login with expired password

Dear user13148231,
Here is an illustration;
SQL> alter user sys account lock;
User altered.
SQL> select username, account_status, lock_date, expiry_date from dba_users where USERNAME='SYS';
USERNAME                      ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
SYS                                      LOCKED                           20-AUG-10      23-FEB-09
SQL> host sqlplus sys/password@opttest as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Fri Aug 20 12:25:43 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> alter user sys identified by password password expire;
User altered.
SQL> select username, account_status, lock_date, expiry_date from dba_users where username='SYS';
USERNAME                      ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
SYS                                EXPIRED & LOCKED                 20-AUG-10   20-AUG-10
SQL> host sqlplus sys/password@opttest as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Fri Aug 20 12:27:02 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> alter user sys identified by password account unlock;
SQL> select username, account_status, lock_date, expiry_date from dba_users where username='SYS';
USERNAME                       ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
SYS                            OPENEven if it shows expired and locked it is OK to connect to the database for the SYS user.
SQL> alter user ogan identified by password account lock password expire;
User altered.
SQL> select username, account_status, lock_date, expiry_date from dba_users where username='OGAN';
USERNAME                       ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
OGAN                           EXPIRED & LOCKED                 20-AUG-10 20-AUG-10
SQL> conn ogan/password
ERROR:
ORA-28000: the account is locked
Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> alter user ogan account unlock;
User altered.
SQL> conn ogan/password@opttest
ERROR:
ORA-28001: the password has expired
Changing password for ogan
New password:
Retype new password:
Password changed
Connected.
SQL>Ogan

Notification of password expiration trigger

I am trying to create a logon trigger that notifys users their password is about to expire. Here is a piece of the code. How would I give this notification message after logon?
SELECT trunc(expiry_date) - trunc(lv_date)
INTO v_expiry_time
FROM dba_users
WHERE username IN (SELECT USER FROM dual);
if v_expiry_time > 0 and v_expiry_time <= 10 then
/*give this message --> 'Your password will expire in ' || v_expiry_time || ' day(s).' */
end if;

I think you might have a mis-understanding about how 'grace period' and 'password lifetime' interact. Take a look at the description in the security manual, at
[http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/policies.htm#i1006685]
In the example, they have a user with a password lifetime of 90 days, then it says (I've added emphasis to key parts)
"the profile assigned to johndoe includes the specification of a grace period: PASSWORD_GRACE_TIME = 3. The first time johndoe tries to log in to the database after 90 days (+*this can be any day after the 90th day*,+ that is, the 70th day, 100th day, or another day), he receives a warning message that his password will expire in three days. If three days pass, and he does not change her password, *+then+* the password expires. *+After this+*, he receives a prompt to change his password on any attempt to log in, and cannot log in until he does so."

Im not getting AD password expiration notices in Leopard

Has anyone else having problems getting AD password expiration notices in AD environments on Leopard Macs? It used to work for me in Tiger, but Im not getting the warnings when I log into Leopard Macs. Entourage warns me, but the Login window isn't prompting me with the expected "Your password will expire in xxx days." All my Macs are running 10.5.2 in simple AD 2003 domain.

I have a few 10.4.11 Tiger Macs and they DO work as expected - I get Active Directory password expiration notices at the Login window of my Tiger clients.
Notes:
Most of my users are local admins (don't ask why - long story)
All of my users have managed mobile user accounts for offline access (laptop users etc)
All my Macs are running 10.5.2. None of them can get AD password notices at the login window.
All my Macs are bound to a simple AD 2003 domain. No big forest. 1 single domain.
When I log into my AD domain from a Mac, I get a TGT from the KDC (which is an Active Diectory domain controller) as expected. Thus, Kerberos appears to be working.
DNS works fine (forward and reverse lookups are resolving as expected)
It used to work for me back in Tiger, but I'm not getting the warnings when I log into my Leopard Macs. Entourage 2004 and 2008 warns me about password expiration, but the OS XLogin window isn't prompting me with the expected "Your password will expire in xxx days."
Message was edited by: Daniel Stranathan

Password expiring notification

Hello everybody. I'm developing a control wich warns an user logging to a web application about when his password (stored in an active directory server) is going to expire. I've found in this forum plenty of information to write this control and it's almost done but I've a doubt yet: is there an A.D. attribute wich says how many days before the password expiration the warning must be sent?
I think no because, as far as I know, this is a kind of domain protection constrain wich is not directly related to Active Directory and I didn't find any examples or documentation about such an attribute but I can't really claim to be an expert in Active Directory architecture or Windows management then I think it's better to ask before setting an application parameter :)
I'm accessing an Active Directory server on a Windows 2003 SP2 computer via an application developed in Java 1.5 under Tomcat 5.5.
Thanks for any help, take care!
Massimo Campodonico

I'm assuming you've discovered the post titled "JNDI, Active Directory and User Account status (account expired, locked)" available at http://forum.java.sun.com/thread.jspa?threadID=716240&tstart=0 that describes account & password expiry etc.
I think what you are tring to determine (or mimic) is the password reminder interval. Refer to the Microsoft KB article at http://support.microsoft.com/kb/135403 which describes how teh password reminder interval is determined. With Windows 2000 (and beyond), this is configured by group policy, which ultimately configures the registry setting HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\passwordexpirywarning
Good luck.

Process Password Expiration

I wish to know how can I search for users who have certain password expiration date.
For example, base on the date, I would like to send different emails to user. 1 months before expiration date, user receives a reminder email, 7 days before expiration date, user receives a warning email.
I don't want to scan one by one all the users, get user object, then get the expiration date and do the comparison. I think this is too slow for a big number of users.
Is there any faster way? for example by using attribute condition? How?
Thank you,
Steve

I've done this a couple times using the per-account reconciliation workflow. Its certainly not glamorous, but it does work.
The requirement was to notify AD users one moth and one week before password expiration. Reconciliation was run nightly against AD and I added a per-account workflow. The workflow checked the account expiration attribute and calculated how far it was away from today. If it was 30 or 7 days, I send an email reminder to the user.
The solution did not significantly impact performance. A couple things you'll need to keep in mind. One, add a bunch of conditions up front to keep the speed up. Two, the variable userName is available in the per-account workflow when the recon condition is MATCHED. Finally, you're bound to your reconciliation schedule, so you may have to do some conditionals to make sure you aren't reminding people every night or every week.

User password expiration

Hello.
It seems that passwordExpirationTime LDAP attribute doesn't work at all. I can add it to a user entry but it has no effect, no matter what value it has. Do we have to set any configuration value in order to active it? Is there any other way to achieve some kind of "user password expiration" feature?
Thank you very much.

Hi,
in respect to password aging, the following two enhancement requests are open :
on Messaging : 12093863: SUNBT4538996 PASSWORD AGING SUPPORT
on Convergence : 12251399: SUNBT6763009 CONVERGENCE LOGIN SHOULD WARN IF PASSWARD EXPIRES SOON
The above is also mentioned in the knowledge document :
Does Messaging Server Or Convergence Support Password Aging Policy ? (Doc ID 1474404.1)
On 12093863, this feature will be implemented in the messaging patch-28. There is no news available yet from the Convergence side on 12251399.
Cheers, Ben

Directory Server 6 and Password Grace Warning

Am trying to take advantage of DS 6 and password grace warning. Am having trouble finding the source template for the warning page that allows the user to change their password after its already expired. Can someone point me to how this page is built and how I can customize it?
Also is it possible to enhance the password change part of this functionality? I need to enforce a more complicated password adherence than the password policy allows.
Thanks!

I can answer the first part of my question. Login.jsp is the page that his callback goes through.

No password expiration warning

Similar Messages

Maybe you are looking for