
Account has expiry date 1 January 1970

Been there previously, done rule changes etc, yet this still does happen on
some users

http://imageshack.com/scaled/800x600/823/qi7q.jpg

User created in eDir, Universal Password active, user has one grace login
allowed & must change password

This user does not show any restrictions in AD yet in eDir I get the above,
which gives all sorts of strange problems

Any idea what is setting it & why?

It does NOT happen on ALL the users

Seb



Re: Account has expiry date 1 January 1970

I do not recall ever seeing that set back in the past automatically, which
would lead me to believe that something from an application or in (since
you're posting here) IDM policy is doing it explicitly. Check traces and
post them here if/when it happens and hopefully we'll see the source.
Checking policy with Designer should be pretty easy since you can search
through the project for that attribute to see if anything mentions it
explicitly, or at least see which driver configs allow it through filters.

Good luck.

Re: Account has expiry date 1 January 1970

On Tue, 17 Sep 2013 13:23:03 +0000, ab wrote:

> I do not recall ever seeing that set back in the past automatically,
> which would lead me to believe that something from an application or in
> (since you're posting here) IDM policy is doing it explicitly.


I'm going to throw out a guess, here. It's the MAD driver, with an
account expiration value coming back from the domain, and being
mistranslated to 00000000000000Z, aka 1 Jan 1970.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.


Re: Account has expiry date 1 January 1970

On Tue, 17 Sep 2013 12:59:56 +0000, Sebastian Cerazy wrote:

> Been there previously, done rule changes etc, yet this still does happen
> on some users
>
> http://imageshack.com/scaled/800x600/823/qi7q.jpg


Well, there's always a reason. Tell us about your identity environment.


> User created in eDir, Universal Password active, user has one grace
> login allowed & must change password


Created how? Where?


> This user does not show any restrictions in AD yet in eDir I get the
> above, which gives all sorts of strange problems


So you've got at least the MAD driver running. What other drivers?


> Any idea what is setting it & why?


Maybe. A level 3 trace from the MAD driver would be helpful to see.


> It does NOT happen on ALL the users


What's different about those where it happens vs. those where it does
not? Can you reproduce the problem at will, or do you have to wait for it
to happen?


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.


Re: Account has expiry date 1 January 1970

User created in eDirectory (either by hand in C1 or programmatically with ie
JRP Utilities)

Makes no difference

It just happens, almost on all users

Seb


"David Gersic" <dgersic@no-mx.forums.netiq.com> wrote in message
news:vr1mga-4o4.ln1@wintermute.is.niu.edu...
> On Tue, 17 Sep 2013 12:59:56 +0000, Sebastian Cerazy wrote:
>
>> Been there previously, done rule changes etc, yet this still does happen
>> on some users
>>
>> http://imageshack.com/scaled/800x600/823/qi7q.jpg

>
> Well, there's always a reason. Tell us about your identity environment.
>
>
>> User created in eDir, Universal Password active, user has one grace
>> login allowed & must change password

>
> Created how? Where?
>
>
>> This user does not show any restrictions in AD yet in eDir I get the
>> above, which gives all sorts of strange problems

>
> So you've got at least the MAD driver running. What other drivers?
>
>
>> Any idea what is setting it & why?

>
> Maybe. A level 3 trace from the MAD driver would be helpful to see.
>
>
>> It does NOT happen on ALL the users

>
> What's different about those where it happens vs. those where it does
> not? Can you reproduce the problem at will, or do you have to wait for it
> to happen?
>
>
> --
> --------------------------------------------------------------------------
> David Gersic dgersic_@_niu.edu
> Knowledge Partner http://forums.netiq.com
>
> Please post questions in the forums. No support provided via email.
>




Re: Account has expiry date 1 January 1970

On Wed, 18 Sep 2013 13:08:22 +0000, Sebastian Cerazy wrote:

> User created in eDirectory (either by hand in C1 or programmatically with
> ie JRP Utilities)
>
> Makes no difference
>
> It just happens, almost on all users


Ok, that's good to know. How about the rest of my questions? If you can
reproduce this pretty commonly, it shouldn't be too hard to track it down.


>> Well, there's always a reason. Tell us about your identity environment.


>> So you've got at least the MAD driver running. What other drivers?


>> Maybe. A level 3 trace from the MAD driver would be helpful to see.





--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.


Re: Account has expiry date 1 January 1970

On 9/18/2013 9:30 AM, David Gersic wrote:
> On Wed, 18 Sep 2013 13:08:22 +0000, Sebastian Cerazy wrote:
>
>> User created in eDirectory (either by hand in C1 or programmatically with
>> ie JRP Utilities)
>>
>> Makes no difference
>>
>> It just happens, almost on all users

>
> Ok, that's good to know. How about the rest of my questions? If you can
> reproduce this pretty commonly, it shouldn't be too hard to track it down.


Check the filters on all your drivers, looking for that attribute.
Export the drivers to XML, search for that attribute to find any rules
that touch it. (Look at the found rule in Designer to understand it).

Then trace and search for that rule firing and why.

Something is setting it to 0. (CTIME, signed, 0 is the first second of
1970).
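
The export-and-search step suggested above, as an added example that is not part of the original thread: it walks an exported driver XML and lists every filter entry and policy rule that names the attribute, so the matching rule can then be opened in Designer and looked for in a trace. The attribute name `Login Expiration Time`, the function name and the simplified sample export are assumptions; the thread never names the attribute.

```python
import xml.etree.ElementTree as ET

# Assumption: the thread only says "that attribute"; Login Expiration Time is
# the eDirectory attribute behind the account expiry date.
TARGET = "Login Expiration Time"

# Constructed, simplified stand-in for a driver export (real exports are larger).
SAMPLE_EXPORT = """<driver-configuration name="Active Directory">
  <filter>
    <filter-class class-name="User">
      <filter-attr attr-name="Login Expiration Time" publisher="sync" subscriber="ignore"/>
      <filter-attr attr-name="Surname" publisher="sync" subscriber="sync"/>
    </filter-class>
  </filter>
  <policy>
    <rule>
      <description>Map AD expiry to eDir</description>
      <actions>
        <do-set-dest-attr-value class-name="User" name="Login Expiration Time">
          <arg-value><token-text>0</token-text></arg-value>
        </do-set-dest-attr-value>
      </actions>
    </rule>
    <rule>
      <description>Set surname</description>
      <actions><do-set-dest-attr-value name="Surname"/></actions>
    </rule>
  </policy>
</driver-configuration>"""

def find_attr_references(xml_text, attr=TARGET):
    """Return (kind, label, element tag) for each filter entry or rule naming attr."""
    root = ET.fromstring(xml_text)
    wanted = attr.lower()
    hits = []
    for fa in root.iter("filter-attr"):  # which channels let the attribute through
        if fa.get("attr-name", "").lower() == wanted:
            flow = f"publisher={fa.get('publisher')} subscriber={fa.get('subscriber')}"
            hits.append(("filter", flow, fa.tag))
    for rule in root.iter("rule"):  # which rules mention it in any action or condition
        desc = (rule.findtext("description") or "(no description)").strip()
        for el in rule.iter():
            if wanted in (el.get("name", "").lower(), el.get("attr-name", "").lower()):
                hits.append(("rule", desc, el.tag))
    return hits

if __name__ == "__main__":
    for kind, label, tag in find_attr_references(SAMPLE_EXPORT):
        print(f"{kind:6} {tag:26} {label}")
```

The rule descriptions it reports are the strings to search for in the driver trace when the value next flips to 1 January 1970.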

