According to the ClearTrust 5.5.3 documentation, you should always set your ClearTrust password policy to be stricter than the policy stored in Active Directory. Alternatively, you can remove the ClearTrust policy entirely and use only the policy defined in AD.
To remove the ClearTrust policy, follow these directions:
1.) Open the ldap.conf file, locate this block of parameters, and comment out the entire block.
#cleartrust.data.ldap.user.attributemap.failedlogincount:ctscFailedLoginCount
#cleartrust.data.ldap.user.attributemap.lockedout: ctscUserKeywords
#cleartrust.data.ldap.user.attributemap.passwordexpirationstatus:ctscUserKeywords
#cleartrust.data.ldap.user.attributemap.passwordexpirationstate: ctscUserKeywords
#cleartrust.data.ldap.user.attributemap.passwordhistory:ctscPasswordHistory
#
#cleartrust.data.ldap.user.attributemap.passwordcreationdate: ctscPasswordCreationDate
#cleartrust.data.ldap.user.attributemap.passwordcreationdate.format:yyyyMMddHHmmss'Z'
#cleartrust.data.ldap.user.attributemap.passwordcreationdate.timezone:GMT
#cleartrust.data.ldap.user.attributemap.passwordexpirationdate:ctscPasswordExpirationDate
#cleartrust.data.ldap.user.attributemap.passwordexpirationdate.format:yyyyMMddHHmmss'Z'
#cleartrust.data.ldap.user.attributemap.passwordexpirationdate.timezone:GMT
#cleartrust.data.ldap.user.attributemap.accountstartdate:
2.) Open the Administrative Console configuration file (admingui.cfg), and set the parameter disableuserextensions to true.
You must restart the ClearTrust servers in order for these changes to take effect.
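A check you can run on the two files before restarting, to confirm that no parameter in the block was missed and that the console setting is in place. This is an added example, not code from the ClearTrust documentation. It assumes key/value lines separated by ':' or '=', and matches disableuserextensions by suffix because the full parameter name in admingui.cfg is not given here; the sample file contents are constructed.

```python
import re

PREFIX = "cleartrust.data.ldap.user.attributemap."
# Suffixes of the parameters in the block the procedure comments out.
POLICY_KEYS = {
    "failedlogincount", "lockedout", "passwordexpirationstatus",
    "passwordexpirationstate", "passwordhistory", "passwordcreationdate",
    "passwordcreationdate.format", "passwordcreationdate.timezone",
    "passwordexpirationdate", "passwordexpirationdate.format",
    "passwordexpirationdate.timezone", "accountstartdate",
}

def active_settings(text):
    """Map key -> value for every line that is not blank or '#'-commented."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Assumption: key and value are separated by ':' or '='.
        m = re.match(r"([^:=\s]+)\s*[:=]\s*(.*)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings

def check(ldap_conf, admingui_cfg):
    """Return a list of findings; an empty list means both steps are complete."""
    findings = []
    for key in active_settings(ldap_conf):
        if key.startswith(PREFIX) and key[len(PREFIX):] in POLICY_KEYS:
            findings.append(f"ldap.conf: {key} is still active")
    gui = active_settings(admingui_cfg)
    # Suffix match, because the full parameter name is not given on the page.
    values = [v for k, v in gui.items() if k.endswith("disableuserextensions")]
    if not values or any(v.lower() != "true" for v in values):
        findings.append("admingui.cfg: disableuserextensions is not set to true")
    return findings

# Constructed sample: one parameter was missed when commenting the block.
SAMPLE_LDAP = """\
#cleartrust.data.ldap.user.attributemap.failedlogincount:ctscFailedLoginCount
cleartrust.data.ldap.user.attributemap.lockedout: ctscUserKeywords
#cleartrust.data.ldap.user.attributemap.passwordhistory:ctscPasswordHistory
"""
SAMPLE_GUI = "disableuserextensions: false\n"

if __name__ == "__main__":
    for finding in check(SAMPLE_LDAP, SAMPLE_GUI):
        print(finding)
```

To use it on a real installation, read the contents of ldap.conf and admingui.cfg and pass them to check().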