I finally figured out what's happening with the 1-1-92 password resetting.
Is this "as designed" or do I still have a problem?
Before UP policies and IDM were setup, the standard NDS password minimum
length was 8 characters. Then we implemented UP and configured it for 6
character minimum (in the UP policy). Now, a user changes his AD password
using less than 8 chars, IDM syncs the Novell password and updates the
expiration date to 90 days ahead (eg.Feb 10, 2008), but as soon as he logs
into the Remedy application (which seems to use LDAP authentication) with
his Novell ID the Novell password expiration gets reset to 1-1-92 and is
expired.
If the user changes his AD password using 8 or MORE chars, this does not
occur (expiration remains at 90 days ahead).
If the admin changes the NDS password minimum to 6 chars, and user changes
his AD password using less than 8 chars (as before), the problem does not
occur.
It appears the NDS password policy is still being read when the user logs
into the Remedy application. I can go ahead and change all Novell user
passwords to 6 chars min, but didn't think I should need to. Is this
normal, or is it because of the way the LDAP authentication occurs, or is
there a bug in my system? (NW6.5 SP5; IDM2.0.2)