Description of problem:
LDAP-Active Directory user with "User must change password at next login" is not able to login to the cloud engine

Version-Release number of selected component (if applicable):
rubygem-ldap_fluff-0.1.2-1.el6_3.noarch

How reproducible:
100%

Steps to Reproduce:
1. Create a new user in Active Directory with password option as "User must change password at next login"
2. Try login with this user in Cloud Engine
  
Actual results:
The Username or Password is incorrect, please try again.

Expected results:
Should be able to login or proper message should be displayed against the password change

Additional info:
rpm -qa|grep aeolus
aeolus-conductor-0.13.16-1.el6cf.noarch
aeolus-conductor-doc-0.13.16-1.el6cf.noarch
aeolus-all-0.13.16-1.el6cf.noarch
rubygem-aeolus-cli-0.7.3-1.el6cf.noarch
aeolus-configure-2.8.8-1.el6cf.noarch
aeolus-conductor-devel-0.13.16-1.el6cf.noarch
rubygem-aeolus-image-0.3.0-12.el6.noarch
aeolus-conductor-daemons-0.13.16-1.el6cf.noarch


rails.log:
Started POST "/conductor/user_session" for 10.70.35.206 at Tue Oct 09 05:16:45 -0400 2012
  Processing by UserSessionsController#create as JS
  Parameters: {"commit"=>"Login", "username"=>"user-change-pw", "authenticity_token"=>"WwB/sNdW0aZmSm3F5rplYiTyKCNqVg9ZP3F/dJmiXJ8=", "utf8"=>"✓", "password"=>"[FILTERED]"}
Warden is authenticating user-change-pw against ldap
Completed   in 833ms
  Processing by UserSessionsController#unauthenticated as JS
  Parameters: {"commit"=>"Login", "username"=>"user-change-pw", "authenticity_token"=>"WwB/sNdW0aZmSm3F5rplYiTyKCNqVg9ZP3F/dJmiXJ8=", "utf8"=>"✓", "password"=>"[FILTERED]"}
Request is unauthenticated for 127.0.0.1
Completed 401 Unauthorized in 2ms