cancel
Showing results for 
Search instead for 
Did you mean: 

PMI

bullyrag_
Occasional Contributor

PMI

Password Management is enabled but not warning users that passwords are going to expire / have expired. Admin credentials are okay and PMI has been enabled at Realm level. We think this used to work and has stopped working. Anyone else any ideas please?
2 REPLIES 2
ecornwell_
New Contributor

Re: PMI

We were doing the same thing using LDAP against Active Directory. You have to enable LDAPS for it to work.
bullyrag_
Occasional Contributor

Re: PMI

Thanks for your reply. I knew that LDAPS was required for full functionality but thought that without it we would still get the opportunity to change the password on the day it expired. Anyhow I am arranging for port 636 to be allowed etc. for LDAPS so hopefully that will be the cure all. This is what Juniper says :

"Using AAA Server of Active Directory, an end user will be prompted to change their password only on the day that it expires. However, using LDAPS server with a certificate from a trusted CA, or a certificate created on a Microsoft server, if a user's password expires in 14 days, it will prompt the user and allow the user to change password provided you are using LDAPS with Advanced License.

If you would like end users to receive warnings that their password will expire in x days, then you need to set the IVE up to authenticate users to an LDAP server pointing at the AD server."

So I am still not sure why we were getting nothing.

Simon