[Freeipa-users] LDAP Authentication with expired passwords

Dmitri Pal dpal at redhat.com
Thu Apr 10 16:07:20 UTC 2014


On 04/10/2014 08:03 AM, Matthew Symonds wrote:
> We have a few services using IPA via LDAP.
>
> E.G. Apache connecting 
> to ldap://<snip>/cn=users,cn=accounts,dc=ipa,dc=<snip>?uid
>
> This works fine but users with expired passwords are still able to 
> authenticate.
>
> Is there any way to stop this in FreeIPA, or do I have to 
> check krbPasswordExpiration in my user filter?

There is no way to stop it.
You can read about the reasons in the ticket and mentioned threads.
https://fedorahosted.org/freeipa/ticket/1539#comment:13

Using it in the access control filter would be a reasonable workaround.

>
> Thanks
> Matt


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
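
The workaround discussed in this message, written out as an added example (not code from the thread or from FreeIPA): a search filter that matches a user only while krbPasswordExpiration is not in the past, plus the same check applied client-side to an entry that has already been read. It assumes the attribute is stored in the YYYYMMDDHHMMSSZ form of GeneralizedTime; the function names, the allow_missing switch and the sample entries are constructed for illustration.

```python
from datetime import datetime, timezone

GT_FORMAT = "%Y%m%d%H%M%SZ"  # LDAP GeneralizedTime in UTC, e.g. 20140410160720Z


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def unexpired_user_filter(uid, now, allow_missing=False):
    """Search filter matching uid only while krbPasswordExpiration is not in the past.

    allow_missing (hypothetical policy switch): also accept entries that have no
    krbPasswordExpiration attribute; a plain >= test never matches them.
    """
    stamp = now.astimezone(timezone.utc).strftime(GT_FORMAT)
    expiry = "(krbPasswordExpiration>=%s)" % stamp
    if allow_missing:
        expiry = "(|(!(krbPasswordExpiration=*))%s)" % expiry
    return "(&(uid=%s)%s)" % (escape_filter_value(uid), expiry)


def password_is_current(entry, now, allow_missing=False):
    """Same decision made client-side on an entry already read from the directory."""
    values = entry.get("krbPasswordExpiration")
    if not values:
        return allow_missing
    expires = datetime.strptime(values[0], GT_FORMAT).replace(tzinfo=timezone.utc)
    return expires >= now


# Constructed sample entries (attribute -> list of values), not real directory data.
SAMPLE_ENTRIES = {
    "alice": {"uid": ["alice"], "krbPasswordExpiration": ["20140601000000Z"]},
    "bob": {"uid": ["bob"], "krbPasswordExpiration": ["20140301000000Z"]},
    "svc": {"uid": ["svc"]},  # no expiration attribute at all
}

if __name__ == "__main__":
    now = datetime(2014, 4, 10, 16, 7, 20, tzinfo=timezone.utc)  # constructed "current" time
    print(unexpired_user_filter("alice", now))
    for name, entry in SAMPLE_ENTRIES.items():
        print(name, password_is_current(entry, now))
```

The timestamp has to be generated per request; a filter fixed once in a configuration file keeps comparing against the time it was written.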
