preauth and expired passwords

Posted: Fri May 29, 2020 5:51 pm
by jmorby
I have an issue whereby if I have flagged a user password as "expired" (must change at next login), whilst this is picked up and works as expected at the main login page, it doesn't get picked up if I use preauth.

https://wiki.zimbra.com/wiki/Preauth

I'm validating the user's login info from LDAP at the beginning of their session.

Is there a way to either check if the user's password requires changing so I can force the user to the main login page, or a redirect I can include in the preauth process so that Zimbra will auto check this and force the user through the change password process when required?

Currently, we're finding a number of our users have both the "must change at next login" option set on their temporary password, and are using this temporary password to log in every day without being made to change it - which kind of defeats the whole policy.

Thanks in advance

Note: I've also tried to find a way of checking if zimbraPasswordMustChange: TRUE via LDAP but haven't been able to find a way to extract this via LDAP.

Re: preauth and expired passwords

Posted: Mon Jun 01, 2020 2:54 pm
by barrydegraaff
It means the logic you use to validate the user's authentication is incomplete.

But since you do not share any of that logic, it is hard to see what is wrong.
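
The following is an added example, not part of the thread and not either poster's code. It sketches a portal-side gate that only issues a preauth URL when the account's zimbraPasswordMustChange attribute is not TRUE, and otherwise sends the user to the main login page, where the forced change is enforced. Assumptions: the host name and key are constructed, `entry` is a dict of attributes the portal has already read over LDAP with a bind permitted to see them, and `zimbraAccountStatus` is used only as a check that the bind can read Zimbra attributes at all.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Assumed values, not from the thread: host name and a constructed sample key.
ZIMBRA_BASE = "https://mail.example.com"
LOGIN_PAGE = ZIMBRA_BASE + "/"
PREAUTH_KEY = "constructed-sample-preauth-key"


def _first(entry, name):
    """First value of an LDAP attribute as str, or None if absent."""
    values = entry.get(name)
    if isinstance(values, (list, tuple)):
        values = values[0] if values else None
    if isinstance(values, bytes):
        values = values.decode("utf-8", "replace")
    return None if values is None else str(values)


def preauth_url(account, key, now_ms=None):
    """Preauth URL: HMAC-SHA1 over account|by|expires|timestamp (ms)."""
    ts = str(now_ms if now_ms is not None else int(time.time() * 1000))
    by, expires = "name", "0"
    message = "|".join([account, by, expires, ts]).encode()
    mac = hmac.new(key.encode(), message, hashlib.sha1).hexdigest()
    query = urlencode({"account": account, "by": by, "timestamp": ts,
                       "expires": expires, "preauth": mac})
    return f"{ZIMBRA_BASE}/service/preauth?{query}"


def route_user(account, entry, key=PREAUTH_KEY, now_ms=None):
    """URL to redirect to once the portal has validated the password."""
    # Fail closed: if the entry or a known Zimbra attribute is unreadable,
    # the must-change flag cannot be trusted to be absent.
    if entry is None or _first(entry, "zimbraAccountStatus") is None:
        return LOGIN_PAGE
    must_change = (_first(entry, "zimbraPasswordMustChange") or "FALSE")
    if must_change.upper() == "TRUE":
        return LOGIN_PAGE  # the main login page enforces the change
    return preauth_url(account, key, now_ms)
```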