Environment
Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3.9 for All Platforms
Novell Modular Authentication Service (NMAS) version 3.2.0
Novell eDirectory 8.7.3.9 for All Platforms
Novell Modular Authentication Service (NMAS) version 3.2.0
Situation
When setting the Login Expiration Time attribute in eDirectory to a value greater than Tue, 19 Jan 2038 03:14:07 GMT a Novell Modular Authentication Service (NMAS) login may fail. A non-NMAS login does not return the error.
Resolution
A signed integer will only represent computer values (which start in 1970-01-01) through 2038-01-19 01:14:07 GMT. eDirectory has been modified to support a full unsigned integer and engineering has been notified regarding how NMAS treats this differently. Currently the workaround is to not set Login Expiration Time to a time after the year 2037 if NMAS is in use for that client's logins.
Additional Information
The only time this has been seen was with a time attribute being synchronized to eDirectory from a third-party application. Modifying the rules of that synchronization so that invalid values were removed or set to the maximum allowed value in eDirectory also resolved the issue.
This has been resolved in NMAS 3.2.0.1 FTF. Due to the bundling of NMAS with eDirectory, upgrading eDirectory will also upgrade NMAS. The latest versions of eDirectory can be found at https://dl.netiq.com.
This has been resolved in NMAS 3.2.0.1 FTF. Due to the bundling of NMAS with eDirectory, upgrading eDirectory will also upgrade NMAS. The latest versions of eDirectory can be found at https://dl.netiq.com.