Hi,
I find myself in the situation described in this thread: https://serverfault.com/questions/716556/freeipa-ldap-refuse-auth-for-users-... Basically we have enabled the FreeIPA LDAP back end to authenticate our users to various web applications (Confluence, Jira, Rundeck, etc.) as well as our VPN. What I'm finding is that users with expired passwords are still able to access all of the services. I see there is an issue in development (https://pagure.io/freeipa/issue/1539) but it looks to be a complex issue that doesn't seem prudent to wait for. Does anyone have a script or pointers on how I can search for expired passwords and disable the user accounts if they are expired? Or is there another method to accomplish having users with expired passwords get denied access to VPN and web services if their password is expired?
Thanks,
Jeff
freeipa-users@lists.fedorahosted.org
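
The check asked about above, as an added example that is not part of the original post and not FreeIPA's own code: it reads `ldapsearch` LDIF output for the `uid`, `krbPasswordExpiration` and `nsAccountLock` attributes and lists the still-enabled users whose password expiry is in the past, paired with the `ipa user-disable` command for each. The sample entries and the function names are constructed for illustration, and the input is assumed to be unwrapped LDIF without base64 values.

```python
from datetime import datetime, timezone

# Constructed sample of `ldapsearch -LLL -o ldif-wrap=no ...` output for the
# attributes uid, krbPasswordExpiration and nsAccountLock (not real accounts).
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
uid: alice
krbPasswordExpiration: 20200101000000Z

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
uid: bob
krbPasswordExpiration: 20991231235959Z

dn: uid=carol,cn=users,cn=accounts,dc=example,dc=test
uid: carol
krbPasswordExpiration: 20190615120000Z
nsAccountLock: TRUE

dn: uid=svc-backup,cn=users,cn=accounts,dc=example,dc=test
uid: svc-backup
"""

def parse_entries(ldif):
    """Split simple LDIF into one dict per entry, keys lower-cased."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key.lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def expired_users(ldif, now=None):
    """Return uids that are still enabled but whose password has expired."""
    now = now or datetime.now(timezone.utc)
    expired = []
    for e in parse_entries(ldif):
        stamp = e.get("krbpasswordexpiration")
        locked = e.get("nsaccountlock", "").upper() == "TRUE"
        if stamp is None or locked:
            continue  # no expiry recorded, or account already disabled
        when = datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        if when <= now:
            expired.append(e["uid"])
    return expired

def disable_commands(uids):
    # Argument lists suitable for subprocess.run(); nothing is executed here.
    return [["ipa", "user-disable", uid] for uid in uids]
```

Review the resulting list before running the commands, since service accounts with an expiry date set would be disabled along with everyone else.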