On Tue, 2016-03-01 at 17:51 +0100, Lukas Slebodnik wrote: > On (01/03/16 17:45), Lukas Slebodnik wrote: > >On (31/01/16 11:53), Simo Sorce wrote: > >>Expired != Disabled > >>this change is intentional. > >> > >Yes, but explain it to Active directory :-) > > > >Attached is patch with workaround/hack > >regression with expired AD users. > > > ENOPATCH > > LS
I think a better approach is to return the KRBKDC error from the child without mapping (or with an intermediate mapping) and have the IPA and AD providers map it on their own. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org