$entry = ldap_get_entries_moodle($ldapconn, $sr);
$info = array_change_key_case($entry[0], CASE_LOWER);
$maxpwdage = $info['maxpwdage'][0];
-
+ if ($sr = ldap_read($ldapconn, $user_dn, '(objectClass=*)', array('msDS-ResultantPSO', 'msDS-MaximumPasswordAge'))) {
+ if ($entry = ldap_get_entries_moodle($ldapconn, $sr)) {
+ $info = array_change_key_case($entry[0], CASE_LOWER);
+ $userpso = $info['msds-resultantpso'][0];
+
+ // If a PSO exists, FGPP is being utilized.
+ // Grab the new maxpwdage from the msDS-MaximumPasswordAge attribute of the PSO.
+ if (!empty($userpso)) {
+ if ($entry = ldap_get_entries_moodle($ldapconn, $sr)) {
+ $info = array_change_key_case($entry[0], CASE_LOWER);
+ $maxpwdage = $info['msds-maximumpasswordage'][0];
+ }
+ }
+ }
+ }
// ----------------------------------------------------------------
// MSDN says that "pwdLastSet contains the number of 100 nanosecond
// intervals since January 1, 1601 (UTC), stored in a 64 bit integer".