Bug 2167565

Summary: [RFE] Request for attributes mapper for RHDS similar to MSADUserAccountStorageMapper for MSAD to support Redhat Single Sign On trigger password expired when user password store in RHDS.
Product: Red Hat Directory Server Reporter: hagaikwa
Component: Directory ServerAssignee: LDAP Maintainers <idm-ds-dev-bugs>
Status: CLOSED WONTFIX QA Contact: LDAP QA Team <idm-ds-qe-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 12.0CC: asakure, idm-ds-dev-bugs, mreynolds, tbordaz, vashirov
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-07-28 09:05:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description hagaikwa 2023-02-07 04:18:09 UTC
Description of problem: 
[RFE] Request for attributes mapper for RHDS similar to MSADUserAccountStorageMapper for MSAD to support Redhat Single Sign On trigger password expired when user password store in RHDS.


Version-Release number of selected component (if applicable):
RHDS 12

Comment 2 mreynolds 2023-04-05 14:31:59 UTC
RHDS returns an ldap control when the password is expired.  So Red Hat Single Sign On could properly detect if the password is expired or incorrect if it checked for this control.  This is discussed in the RHDS admin guide:

https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/understanding_password_expiration_controls

Comment 3 mreynolds 2023-04-12 15:08:58 UTC
(In reply to mreynolds from comment #2)
> RHDS returns an ldap control when the password is expired.  So Red Hat
> Single Sign On could properly detect if the password is expired or incorrect
> if it checked for this control.  This is discussed in the RHDS admin guide:
> 
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
> html/administration_guide/understanding_password_expiration_controls

Are there any concerns with this?  Otherwise we will close this RFE.