[Freeipa-devel] [PATCH] 1006 detect expired passwords in forms login

[Petr Vobornik]

On 04/13/2012 09:28 PM, Rob Crittenden wrote:
> When doing a forms-based login there is no notification that a password
> needs to be reset. We don't currently provide a facility for that but we
> should at least tell users what is going on.
>
> This patch adds an LDAP bind to test the password to see if it is
> expired and returns the string "Password Expired" along with the 401 if
> it is. I'm told this is all the UI will need to be able to identify this
> condition.
>
> rob
>

UI can work with it. I have a patch ready. I'll send it when this will 
be ACKed.

Some notes:

1) The error templates and the 'Password Expired' message are hardcoded 
to be English. It's fine at the moment. Will we internationalize them 
sometime in future? If so, we will run into the same problem again.

2) conn.destroy_connection() won't be called if an exception occurs. Not 
sure if it is a problem, GC and __del__ should take care of it.


-- 
Petr Vobornik