Resolution: Won't Fix
Affects Version/s: 6.5.0
Fix Version/s: None
Component/s: Module - Authentication
Environment: IdM OOTB with passthrough authentication against LDAP with behera-support for password policy. Password policy is configured with force-change-on-add set to True.
Under the described conditions, a user who has just been added to the LDAP server cannot log into IdM: the LDAP connector throws a PasswordExpiredException, which is not handled correctly.
Additional info from Gael:
Gael Allioux 17:24
@here Question about how PASSTHROUGH module works... My understanding is that it calls ICF authenticate() method.
This method returns the id of the user if auth is successful and will throw some exception if it fails.
In the case of LDAP passthrough auth, one of these exceptions can be a PasswordExpiredException.
One would expect some redirect link in UI to password reset. But it seems that this is not handled and treated as an error by IDM.
Can someone confirm this is how it works?
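
The behaviour the question expects, as an added example that is not IDM or connector code: a caller of the ICF `authenticate()` operation that keeps an expired password separate from a failed login. `PassthroughLogin`, `Outcome` and `Result` are hypothetical names, and the connector framework is assumed to be on the classpath.

```java
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.api.ConnectorFacade;
import org.identityconnectors.framework.common.exceptions.InvalidCredentialException;
import org.identityconnectors.framework.common.exceptions.PasswordExpiredException;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptionsBuilder;
import org.identityconnectors.framework.common.objects.Uid;

/** Hypothetical wrapper: maps ICF authenticate() outcomes to login decisions. */
public final class PassthroughLogin {

    public enum Outcome { AUTHENTICATED, PASSWORD_CHANGE_REQUIRED, DENIED }

    /** Result of one attempt; uid may be null when the connector did not supply it. */
    public static final class Result {
        public final Outcome outcome;
        public final Uid uid;
        Result(Outcome outcome, Uid uid) { this.outcome = outcome; this.uid = uid; }
    }

    private final ConnectorFacade facade;

    public PassthroughLogin(ConnectorFacade facade) { this.facade = facade; }

    public Result login(String username, GuardedString password) {
        try {
            // Returns the Uid of the account when the credentials are accepted.
            Uid uid = facade.authenticate(ObjectClass.ACCOUNT, username, password,
                    new OperationOptionsBuilder().build());
            return new Result(Outcome.AUTHENTICATED, uid);
        } catch (PasswordExpiredException e) {
            // Handled ahead of the generic credential failure, so an expired
            // password is not reported as a bad one. No session is issued here:
            // the caller should only offer a password change flow that asks
            // for the current password again.
            return new Result(Outcome.PASSWORD_CHANGE_REQUIRED, e.getUid());
        } catch (InvalidCredentialException e) {
            // Rejected credentials: one generic denial, no detail returned.
            return new Result(Outcome.DENIED, null);
        } catch (RuntimeException e) {
            // Any other connector or directory failure: fail closed.
            return new Result(Outcome.DENIED, null);
        }
    }
}
```

`PASSWORD_CHANGE_REQUIRED` is deliberately not a logged-in state, so a UI can redirect to a password reset without treating the user as authenticated.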