Error: -1667 when Login Expiration Time set to year 2038 or later.

  • 3647842
  • 21-Mar-2008
  • 15-Jan-2014


Novell eDirectory 8.8 for All Platforms
Novell eDirectory for All Platforms
Novell Modular Authentication Service (NMAS) version 3.2.0


When setting the Login Expiration Time attribute in eDirectory to a value greater than Tue, 19 Jan 2038 03:14:07 GMT a Novell Modular Authentication Service (NMAS) login may fail. A non-NMAS login does not return the error.


A signed integer will only represent computer values (which start in 1970-01-01) through 2038-01-19 01:14:07 GMT. eDirectory has been modified to support a full unsigned integer and engineering has been notified regarding how NMAS treats this differently. Currently the workaround is to not set Login Expiration Time to a time after the year 2037 if NMAS is in use for that client's logins.

Additional Information

The only time this has been seen was with a time attribute being synchronized to eDirectory from a third-party application. Modifying the rules of that synchronization so that invalid values were removed or set to the maximum allowed value in eDirectory also resolved the issue.

This has been resolved in NMAS FTF.  Due to the bundling of NMAS with eDirectory, upgrading eDirectory will also upgrade NMAS.  The latest versions of eDirectory can be found at