[Freeipa-users] LDAP Authentication with expired passwords

2014-04-10 Thread Matthew Symonds
We have a few services using IPA via LDAP.

E.G. Apache connecting
to ldap://snip/cn=users,cn=accounts,dc=ipa,dc=snip?uid

This works fine but users with expired passwords are still able to
authenticate.

Is there any way to stop this in FreeIPA, or do I have to
check krbPasswordExpiration in my user filter?

Thanks
Matt
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] LDAP Authentication with expired passwords

2014-04-10 Thread Dmitri Pal

On 04/10/2014 08:03 AM, Matthew Symonds wrote:

> We have a few services using IPA via LDAP.
>
> E.G. Apache connecting
> to ldap://snip/cn=users,cn=accounts,dc=ipa,dc=snip?uid
>
> This works fine but users with expired passwords are still able to
> authenticate.
>
> Is there any way to stop this in FreeIPA, or do I have to
> check krbPasswordExpiration in my user filter?

There is no way to stop it.
You can read about the reasons in the ticket and mentioned threads.
https://fedorahosted.org/freeipa/ticket/1539#comment:13

Using it in the access control filter would be a reasonable workaround.



> Thanks
> Matt





--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
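
Added example (not from the thread or from the FreeIPA project): one way to express the `krbPasswordExpiration` check discussed above, both as an LDAP search filter and as a client-side test on a fetched entry. It assumes the attribute holds a UTC GeneralizedTime value of the form `YYYYMMDDHHMMSSZ`; the function names, the `allow_missing` policy switch and the sample entries are constructed for illustration.

```python
from datetime import datetime, timezone

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape user-supplied text so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def to_generalized_time(moment):
    """Format a timezone-aware datetime as UTC GeneralizedTime."""
    return moment.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")

def parse_generalized_time(value):
    """Parse the YYYYMMDDHHMMSSZ form into an aware UTC datetime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def unexpired_user_filter(uid, now, allow_missing=False):
    """Filter matching `uid` only while its password has not expired.

    allow_missing (hypothetical policy switch): also match entries that
    carry no krbPasswordExpiration attribute at all.
    """
    not_expired = "(krbPasswordExpiration>=%s)" % to_generalized_time(now)
    if allow_missing:
        not_expired = "(|(!(krbPasswordExpiration=*))%s)" % not_expired
    return "(&(uid=%s)%s)" % (escape_filter_value(uid), not_expired)

def password_usable(entry, now, allow_missing=False):
    """Same decision made client-side on a fetched entry (dict of lists)."""
    values = entry.get("krbPasswordExpiration")
    if not values:
        return allow_missing
    return parse_generalized_time(values[0]) >= now

# Constructed sample data, not taken from a real directory.
NOW = datetime(2014, 4, 10, 12, 0, 0, tzinfo=timezone.utc)
ENTRIES = {
    "alice": {"uid": ["alice"], "krbPasswordExpiration": ["20140709120000Z"]},
    "bob": {"uid": ["bob"], "krbPasswordExpiration": ["20140401000000Z"]},
    "svc": {"uid": ["svc"]},  # no expiration attribute present
}

if __name__ == "__main__":
    print(unexpired_user_filter("alice", NOW))
    for name, entry in ENTRIES.items():
        print(name, password_usable(entry, NOW))
```

Because the filter embeds the current time, it has to be generated for each search; a filter written once into a static configuration goes stale.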