How to sync Password Expiration time with the Bi-directional eDirectory Driver.
Currently, when a new user is added, setting the password overrides the password expiration time that came from the source system.
The following rule can sync the value. It comes in as a secondary event, after the user and password are already set, and at the same time as the association is created for the user.
The CN is added because the attribute name is not in the LDAP namespace. Also, this rule can then be placed in the input transformation policy if desired. The variable names may be changed as desired.
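<description>Write Password sync timeout</description>
<!-- Read the destination object's Password Expiration Time and CN into policy-scoped variables. -->
<do-set-local-variable name="varPET" scope="policy">
  <arg-string><token-dest-attr class-name="User" name="Password Expiration Time"/></arg-string>
</do-set-local-variable>
<do-set-local-variable name="varCN" scope="policy">
  <arg-string><token-dest-attr class-name="User" name="CN"/></arg-string>
</do-set-local-variable>
<do-set-src-attr-value class-name="inetOrgPerson" name="passwordExpirationTime">
  <!-- The value argument for this action is not included in this listing. -->
</do-set-src-attr-value>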