Hi,
I find myself in situation described in this thread:
https://serverfault.com/questions/716556/freeipa-ldap-refuse-auth-for-use...
Basically we have enabled the FreeIPA LDAP back end to authenticate our
uses to various web applications (Confluence, jira, rundeck, etc.) as well
as our VPN. What I'm finding is that users with expired passwords are still
able to access all of the services. I see there is an issue in development (
https://pagure.io/freeipa/issue/1539) but it looks to be a complex issue
that doesn't seem prudent to wait for. Does anyone have a script or
pointers on how I can search for expired passwords and disable the user
accounts if they are expired? Or is there another method to accomplish
having users with expired passwords get denied access to VPN and web
services if their password is expired?
Thanks,
Jeff