bypassing some authN fails?

Daniel Fisher dfisher at
Thu May 25 16:07:50 EDT 2017

On Thu, May 25, 2017 at 2:23 PM, IAM David Bantz <dabantz at> wrote:

> Is it feasible in IdP 3.3 to intercept an authN failure against AD LDAP
> due to expired account (error 49, data 701) and treat as though successful
> authN? ("701" data is supposed to be returned ONLY if the supplied
> credentials were otherwise valid, so this does not bypass expired password,
> locked account, or bad password, but only those attempts that would have
> been successful but for the account being marked expired.)

So do you want to ignore this particular account state or will you be
sending these users somewhere to unexpire their account in a self-service

--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list