On 04/10/2014 08:03 AM, Matthew Symonds wrote:
We have a few services using IPA via LDAP.

E.G. Apache connecting to ldap://<snip>/cn=users,cn=accounts,dc=ipa,dc=<snip>?uid

This works fine but users with expired passwords are still able to authenticate.

Is there any way to stop this in FreeIPA, or do I have to check krbPasswordExpiration in my user filter?

There is no way to stop it.
You can read about the reasons in the ticket and mentioned threads.
https://fedorahosted.org/freeipa/ticket/1539#comment:13

Using it in the access control filter would be a reasonable workaround.


Thanks
Matt


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to