On 04/10/2014 08:03 AM, Matthew Symonds wrote:
We have a few services using IPA via LDAP.
E.G. Apache connecting
to ldap://snip/cn=users,cn=accounts,dc=ipa,dc=snip?uid
This works fine but users with expired passwords are still able to
authenticate.
Is there any way to stop this in FreeIPA, or do I have to
check krbPasswordExpiration in my user filter?
There is no way to stop it.
You can read about the reasons in the ticket and mentioned threads.
https://fedorahosted.org/freeipa/ticket/1539#comment:13
Using it in the access control filter would be a reasonable workaround.
Thanks
Matt
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users