We are using FreeIPA's LDAP as the base for user authentication in a
different application. So far I have created a sysaccount which does the
lookup etc. for a user, and things are working as expected. I'm even able to
use OTP from the external app.
One problem I'm struggling to fix is the expired passwords. Is there a way
to deny bind to LDAP only from this application? Obviously the user would
need to go to IPA's web UI and reset his password there.
I came across this ticket https://fedorahosted.org/freeipa/ticket/1539 but
it looks like this is an old one.