|Applies To||ClearTrust Entitlements Server 5.5.3|
Windows Server 2003 SP1
Microsoft Windows Active Directory
|Issue||AXM - Passwords expiring prematurely in ClearTrust - Both CT and AD password policies are in place|
Customers passwords are expiring in ClearTrust, even though they are not set to expire in Active Directory
|Cause||ctscUserAuxClass is being used and the ClearTrust policy expiration is expiring passwords sooner than Active Directory is set to.|
According to Cleartrust 5.5.3 documentation, you should always set your ClearTrust password policy to stricter than that stored in Active directory. Alternately, you can also choose to entirely remove the ClearTrust policy and use only the policy defined in AD.
In order to remove the cleartrust policy, follow these directions:
1.) Open the ldap.conf file, locate this block of parameters, and comment the
2.) Open the Administrative Console configuration file (admingui.cfg), and set the
You must restart the ClearTrust servers in order for these changes to take effect.
|Legacy Article ID||a39713|