On Tue, 2016-03-01 at 17:51 +0100, Lukas Slebodnik wrote:
On (01/03/16 17:45), Lukas Slebodnik wrote:
>On (31/01/16 11:53), Simo Sorce wrote:
>>Expired != Disabled
>>this change is intentional.
>>
>Yes, but explain it to Active directory :-)
>
>Attached is patch with workaround/hack
>regression with expired AD users.
>
ENOPATCH
LS
I think a better approach is to return the KRBKDC error from the child
without mapping (or with an intermediate mapping) and have the IPA and
AD providers map it on their own.
Simo.
--
Simo Sorce * Red Hat, Inc * New York