Re: [Freeipa-users] Deny bind for external LDAP if password is expired

2016-07-26 Thread Rob Crittenden
Prashant Bapat wrote: In our FreeIPA deployment the clients use pam_nss_ldapd with the "compat" schema. No ipa-client. I'm planning to apply the patched ipa_pwd_extop plugin to only 2 of the replicas (out of 8) where the external app authenticates against IPA's LDAP. These 2 replicas are more us

Re: [Freeipa-users] Deny bind for external LDAP if password is expired

2016-07-25 Thread Prashant Bapat
In our FreeIPA deployment the clients use pam_nss_ldapd with the "compat" schema. No ipa-client. I'm planning to apply the patched ipa_pwd_extop plugin to only 2 of the replicas (out of 8) where the external app authenticates against IPA's LDAP. These 2 replicas are more used like read-only. The We

Re: [Freeipa-users] Deny bind for external LDAP if password is expired

2016-07-13 Thread Prashant Bapat
Tough luck! If it's tricky for you (FreeIPA core developers) then it's pretty much impossible to solve it for mere mortals like me! On 11 July 2016 at 19:43, Rob Crittenden wrote: > Prashant Bapat wrote: > >> I cherrypicked the commit id 3b7d5e7543a074d7d24556cadc6c95be9871cfc6 >> and compiled th

Re: [Freeipa-users] Deny bind for external LDAP if password is expired

2016-07-11 Thread Rob Crittenden
Prashant Bapat wrote: I cherrypicked the commit id 3b7d5e7543a074d7d24556cadc6c95be9871cfc6 and compiled the ipa-pwd-extop slapi plugin. Now the user is denied bind. But unable to reset the password. Right, it's a tricky problem which is why it hasn't been resolved yet. You have come full cir

Re: [Freeipa-users] Deny bind for external LDAP if password is expired

2016-07-09 Thread Prashant Bapat
I cherrypicked the commit id 3b7d5e7543a074d7d24556cadc6c95be9871cfc6 and compiled the ipa-pwd-extop slapi plugin. Now the user is denied bind. But unable to reset the password. On 8 July 2016 at 13:21, Martin Kosek wrote: > On 07/07/2016 05:19 PM, Prashant Bapat wrote: > > Anyone ?! > > > > O

Re: [Freeipa-users] Deny bind for external LDAP if password is expired

2016-07-08 Thread Martin Kosek
On 07/07/2016 05:19 PM, Prashant Bapat wrote: > Anyone ?! > > On 6 July 2016 at 22:36, Prashant Bapat > wrote: > > Hi, > > We are using FreeIPA's LDAP as the base for user authentication in a > different application. So far I have created a sysaccount whi

Re: [Freeipa-users] Deny bind for external LDAP if password is expired

2016-07-07 Thread Prashant Bapat
Anyone ?! On 6 July 2016 at 22:36, Prashant Bapat wrote: > Hi, > > We are using FreeIPA's LDAP as the base for user authentication in a > different application. So far I have created a sysaccount which does the > lookup etc for a user and things are working as expected. I'm even able to > use OT

[Freeipa-users] Deny bind for external LDAP if password is expired

2016-07-06 Thread Prashant Bapat
Hi, We are using FreeIPA's LDAP as the base for user authentication in a different application. So far I have created a sysaccount which does the lookup etc for a user and things are working as expected. I'm even able to use OTP from the external app. One problem I'm struggling to fix is the expi