On 04/16/2012 03:34 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Petr Vobornik wrote:
On 04/13/2012 09:28 PM, Rob Crittenden wrote:
When doing a forms-based login there is no notification that a password
needs to be reset. We don't currently provide a facility for that
but we
should at least tell users what is going on.

This patch adds an LDAP bind to test the password to see if it is
expired and returns the string "Password Expired" along with the 401 if
it is. I'm told this is all the UI will need to be able to identify
this
condition.

rob


UI can work with it. I have a patch ready. I'll send it when this will
be ACKed.

Some notes:

1) The error templates and the 'Password Expired' message are hardcoded
to be English. It's fine at the moment. Will we internationalize them
sometime in future? If so, we will run into the same problem again.

No plans to. I can update the patch with a comment specifically to not
internationalize it if you'd like.

It isn't necessary. I just wanted to be sure we won't implemented it twice.


2) conn.destroy_connection() won't be called if an exception occurs. Not
sure if it is a problem, GC and __del__ should take care of it.

Hmm, this is due to a late stage change I made. I originally had this
broken out into two blocks where the only thing done in the first
try/except block was the connection, so the only exception that could
happen was a failed connection.

That isn't true any more. I'll update the patch.

And here you go.

rob

The patch looks good.

I also opened similar ticket regarding locked status.
https://fedorahosted.org/freeipa/ticket/2643

--
Petr Vobornik

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to