LDAP user force password change?
-
We are trying to use LDAP as a backing store for users. Will FusionAuth detect when the password needs to be changed through either pwdLastSet in AD or shadowLastChange with OpenLDAP?
-
Nope. In fact, in my testing, FusionAuth didn't authenticate successfully when a user was required to change their password (I was using Active Directory).
You could certainly pull over those attributes and save them to the user.data field in the lambda. A webhook could fire and you could send them an email or something.
If that doesn't work, what kind of behavior are you looking for? Should FusionAuth present a message to the user telling them they need to change their password?
Please tell me more about your use case?
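Added example, not part of the original posts and not FusionAuth code: one way to interpret the two attributes named in the question before saving the result to user.data, as the answer above suggests. The function names, the returned object shape and the sample values are assumptions made for illustration; shadowMax is the standard shadowAccount maximum-age attribute.

```javascript
// Interpret the LDAP password-age attributes named in the thread.
// Attribute values are taken as strings, the way LDAP returns them.
const FILETIME_EPOCH_OFFSET_MS = 11644473600000n; // ms between 1601-01-01 and 1970-01-01
const MS_PER_DAY = 86400000;

// Active Directory: pwdLastSet is a FILETIME (100 ns ticks since 1601-01-01 UTC).
// The value 0 means "user must change password at next logon".
// BigInt is used because real FILETIME values exceed Number.MAX_SAFE_INTEGER.
function adPasswordState(pwdLastSet) {
  const ticks = BigInt(pwdLastSet);
  if (ticks === 0n) return { mustChange: true, lastSet: null };
  const ms = ticks / 10000n - FILETIME_EPOCH_OFFSET_MS;
  return { mustChange: false, lastSet: new Date(Number(ms)).toISOString() };
}

// OpenLDAP shadowAccount: shadowLastChange is days since 1970-01-01.
// 0 forces a change at next login; shadowMax (optional) is the maximum
// password age in days, and a negative value disables the age check.
function shadowPasswordState(shadowLastChange, shadowMax, now = new Date()) {
  const last = parseInt(shadowLastChange, 10);
  if (last === 0) return { mustChange: true, lastSet: null };
  const today = Math.floor(now.getTime() / MS_PER_DAY);
  const max = shadowMax === undefined ? NaN : parseInt(shadowMax, 10);
  const expired = !Number.isNaN(max) && max >= 0 && today > last + max;
  return { mustChange: expired, lastSet: new Date(last * MS_PER_DAY).toISOString() };
}

// Hypothetical helper: builds the object a lambda could copy into user.data.
function passwordStateFromLdap(attrs, now = new Date()) {
  if (attrs.pwdLastSet !== undefined) return adPasswordState(attrs.pwdLastSet);
  if (attrs.shadowLastChange !== undefined) {
    return shadowPasswordState(attrs.shadowLastChange, attrs.shadowMax, now);
  }
  return { mustChange: false, lastSet: null }; // neither attribute present
}
```

For Active Directory this only detects the "must change at next logon" flag; expiry under the domain's maximum password age policy is not derived from pwdLastSet here.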
-
Some of our applications need a backing LDAP server for authentication directly to the application with command line tools, but we want FusionAuth to be our single IDAM solution. It would be ideal if FusionAuth could detect the need for a password change and allow the user to perform that against LDAP.
Additionally, it would be nice if the user could change password through the existing FusionAuth UI for LDAP accounts (non-migrated).
-
Hi @curtis-ruck,
I think this would be a couple of new features:
- detecting need for password change (and informing the user)
- allowing the user to change their password in ldap through FusionAuth
Would you mind filing them here? https://github.com/fusionauth/fusionauth-issues/issues
Or, if you have a support plan, please file a ticket here: https://account.fusionauth.io/account/support/