Description of problem:
passwordExpirationTime is changed to the time of bind

Version-Release number of selected component (if applicable):
389-ds-base-1.4.3.37-7.module+el8dsrv+20631+5a3df0a9.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set pwpolicy as follows:
dsconf... pwpolicy set --pwdmustchange on --pwdwarning 864000 --pwdmaxage 2592000 --pwdexpire on

2. Create a sample user dn:
uid=testuser1,ou=people,dc=example,dc=com

3. Rsest userPassword
ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << 'EOF'
dn: uid=testuser1,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: password
EOF

4. Set passwordExpirationTime to "current date +10 days"
VALUE=$(date -u -d '10days' +"%Y%m%d%H%M%S")Z
ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << EOF
dn: uid=testuser1,ou=people,dc=example,dc=com
changetype: modify
replace: passwordExpirationTime
passwordExpirationTime: $VALUE
EOF
ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime

5. BIND with the user
date -u; ldapsearch -xLLL -h localhost -D "uid=testuser1,ou=people,dc=example,dc=com" -w password uid=testuser1 -e ppolicy cn
ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime

Log sample:
~~~
[root@8ds0 ~]# ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << 'EOF'
> dn: uid=testuser1,ou=people,dc=example,dc=com
> changetype: modify
> replace: userPassword
> userPassword: password
> EOF
modifying entry "uid=testuser1,ou=people,dc=example,dc=com"

[root@8ds0 ~]# VALUE=$(date -u -d '10days' +"%Y%m%d%H%M%S")Z
[root@8ds0 ~]# ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << EOF
> dn: uid=testuser1,ou=people,dc=example,dc=com
> changetype: modify
> replace: passwordExpirationTime
> passwordExpirationTime: $VALUE
> EOF
modifying entry "uid=testuser1,ou=people,dc=example,dc=com"

[root@8ds0 ~]# ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime
dn: uid=testuser1,ou=people,dc=example,dc=com
passwordExpirationTime: 20240426024422Z

[root@8ds0 ~]# date -u; ldapsearch -xLLL -h localhost -D "uid=testuser1,ou=people,dc=example,dc=com" -w password uid=testuser1 -e ppolicy cn
Tue Apr 16 02:44:30 UTC 2024
ldap_bind: Success (0) (Password expires in 864000 seconds)
[root@8ds0 ~]# ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime
dn: uid=testuser1,ou=people,dc=example,dc=com
passwordExpirationTime: 20240426024430Z

[root@8ds0 ~]#
~~~
passwordExpirationTime is changed from 20240426024422Z to 20240426024430Z, the time part of which is the same as bind time. Please note the day part(20240426) is not changed.

Actual results:
passwordExpirationTime is changed.

Expected results:
passwordExpirationTime is not changed.

Additional info: