OpenLDAP Password Policy account state handling.

Cantor, Scott cantor.2 at osu.edu
Wed Dec 14 12:54:43 EST 2016


On 12/14/16, 12:45 PM, "users on behalf of O'Dowd, Josh" <users-bounces at shibboleth.net on behalf of Josh.O'Dowd at mso.umt.edu> wrote:

> This is, in fact, part of an MFA flow and I have a nextFlowStrategy script in place to try and deal with the account state
> error; the strategy is not being activated due to lack of success from authn/Password rule.

True, if it won't exit that wouldn't get into the picture. I guess my point is, skipping all this LDAP policy stuff and tracking it all with simple attributes ends up working much more simply. But if you can't get them to turn it off, that won't work. Having it on is dumb though because now you're making every application enforce all this in code, which is just not going to happen. If you want the password to expire, you expire it, not allow the bind and return some obscure extension.

-- Scott



