preauth and expired passwords

Have a great idea for extending Zimbra? Share ideas, ask questions, contribute, and get feedback.
jmorby
Posts: 11
Joined: Thu Apr 10, 2014 12:11 pm

preauth and expired passwords

Postby jmorby » Fri May 29, 2020 5:51 pm

I have an issue where by if I have flagged a user password as "expired" (must change at next login), whilst this is picked up and works as expected at the main login page, it doesn't get picked up if I use preauth

https://wiki.zimbra.com/wiki/Preauth

I'm validating the user's login info from LDAP at the beginning of their session.

Is there a way to either check if the user's password requires changing so I can force the user to the main login page, or a redirect I can include in the preauth process so that Zimbra will auto check this and force the user through the change password process when required?

Currently, we're finding a number of our users have both the "must change at next login" option set on their temporary password, and are using this temporary password to log in every day without being made to change it - which kind of defeats the whole policy.

Thanks in advance

Note .. I've also tried to find a way of checking if zimbraPasswordMustChange: TRUE via LDAP but haven't been able to find a way to extract this via LDAP


User avatar
barrydegraaff
Zimbra Employee
Zimbra Employee
Posts: 95
Joined: Tue Jun 17, 2014 3:31 am
Contact:

Re: preauth and expired passwords

Postby barrydegraaff » Mon Jun 01, 2020 2:54 pm

It means the logic you use to validate the users authentication is incomplete.

But since you do not share any of that logic, it is hard to see what it wrong.
--
Barry de Graaff
Admin of Zimbra-Community Github: https://github.com/orgs/Zimbra-Community/
Developer of Zimbra OpenPGP Zimlet, Zimbra ownCloud Zimlet and more.
A Zetalliance Founder http://www.zetalliance.org/

Return to “Developers”

Who is online

Users browsing this forum: No registered users and 3 guests