dxPwdLoginTime is cleared by Change My Password

Document ID : KB000100937
Last Modified Date : 14/06/2018
Show Technical Document Details
Issue:
When IM submits a Change My Password task the dxPwdLoginTime operational attribute on the user in the IM UserStore is cleared.
Resolution:
If the CA Directory DSA being used for the IM UserStore is configured with password policy enabled then the dxPwdLoginTime attribute will be updated to capture the login time of a user. If CA Directory receives a request to change one's own password the dxPwdLoginTime attribute will not be cleared, but if CA Directory receives a request to change the password of a user that is not submitting the request then the dxPwdLoginTime attribute value will be cleared. Since IM uses a proxy ID configured in the UserDir XML to perform all updates, CA Directory needs to have password-proxy-user set to that user in order for password changes from IM to not clear the dxPwdLoginTime attribute.
Additional Information:
Please review the following CA Directory documentation link which mentions password-proxy-user setting:

https://docops.ca.com/ca-directory/14-0/en/administrating/manage-user-accounts-and-passwords/use-password-settings-to-administer-user-accounts