Accept logons from users where password change is required (copied)
This PhenixID Solution Document (PSD) is written for PhenixID Server.
This is only valid for User accounts that reside in Active Directory.
This article describes how to accept user login for accounts that has the following flags set:
- 532 – password expired
- 773 – user must reset password
The reader should have some basic knowledge about PhenixID Server.
Overview
If users have the above flags set on their account, PhenixID Server will receive an LDAP error code in return from the Active Directory server.
The configuration below will accept Active Directory users that must change password.
Instruction
We will make changes to the file store.json/phenix-store.json, so please make sure that you have a recent copy/backup of this file/files.
Set the following parameter in the LDAPBindValve: "allowed_error_codes":"532,773"
Example:
{
"name" : "LDAPBindValve",
"config" : {
"connection_ref" : "4e36dd7c-cee2-42d4-85df-5e942926e979",
"password_param_name" : "User-Password",
"allowed_error_codes" : "532,773"
}
}Save the file. Changes will not require restart.