Hi,
recently I came across an issue, where a user had -23 "Login grace remaining". She was able to log in anywhere using her credentials. OES client dropped an error message during login, that the she needs a password change, but she just ignored it. After she had been forced to a password change manually, the Login grace remaining attribute went back to the default 15. I was curious if anybody else has less than 0 Login grace remaining, and turns out that there are about 100 users. The directory has about 80k user objects, so this not a significant number. I could just force a pwd change on them and walk away. However I would like to dig just a little bit deeper if possible.
So I've found this long forgotten thread Negative number of remaining grace logins
Looks like there was no solution provided. My case is slightly different.There is a universal password policy implemented, every user has an nspmPasswordPolicyDN set and the "login policy" object in the Security container also has a nspmPasswordPolicyDN. eDirectory versions vary from 9.2.9 to 9.2.6, oes2024 to oes2018. The tree has about 400 servers and 300 partitions, synchronisation looks ok, Max. Ring Delta is about 15 minutes. Currently there are two servers down for maintenance but this is just temporary.
What can I do? What can I check? Should I open a SR to OT? Should I just ignore the error and periodically check for negative login grace remaining?
Thank you in advance,
Gellert