Description of problem:
LDAP-Active Directory user with "User must change password at next login" is not able to login to the cloud engine

Version-Release number of selected component (if applicable):
rubygem-ldap_fluff-0.1.2-1.el6_3.noarch

How reproducible:
100%

Steps to Reproduce:
1. Create a new user in Active Directory with password option as "User must change password at next login"
2. Try login with this user in Cloud Engine

Actual results:
The Username or Password is incorrect, please try again.

Expected results:
Should be able to login or proper message should be displayed against the password change

Additional info:
rpm -qa|grep aeolus
aeolus-conductor-0.13.16-1.el6cf.noarch
aeolus-conductor-doc-0.13.16-1.el6cf.noarch
aeolus-all-0.13.16-1.el6cf.noarch
rubygem-aeolus-cli-0.7.3-1.el6cf.noarch
aeolus-configure-2.8.8-1.el6cf.noarch
aeolus-conductor-devel-0.13.16-1.el6cf.noarch
rubygem-aeolus-image-0.3.0-12.el6.noarch
aeolus-conductor-daemons-0.13.16-1.el6cf.noarch

rails.log:
Started POST "/conductor/user_session" for 10.70.35.206 at Tue Oct 09 05:16:45 -0400 2012
  Processing by UserSessionsController#create as JS
  Parameters: {"commit"=>"Login", "username"=>"user-change-pw", "authenticity_token"=>"WwB/sNdW0aZmSm3F5rplYiTyKCNqVg9ZP3F/dJmiXJ8=", "utf8"=>"✓", "password"=>"[FILTERED]"}
Warden is authenticating user-change-pw against ldap
Completed in 833ms
  Processing by UserSessionsController#unauthenticated as JS
  Parameters: {"commit"=>"Login", "username"=>"user-change-pw", "authenticity_token"=>"WwB/sNdW0aZmSm3F5rplYiTyKCNqVg9ZP3F/dJmiXJ8=", "utf8"=>"✓", "password"=>"[FILTERED]"}
Request is unauthenticated for 127.0.0.1
Completed 401 Unauthorized in 2ms
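
Added example (not part of the original report, and not ldap_fluff or Conductor code): a failed Active Directory bind carries a "data NNN" sub-code in its diagnostic message, and 773 is the "must change password" case reported above. The sketch assumes the LDAP client exposes that diagnostic string; the helper names, the user-facing wording and the sample strings are constructed for illustration.

```ruby
# Sub-codes Active Directory places in the "data NNN" field of the
# diagnostic message that accompanies LDAP result 49 (invalidCredentials).
AD_SUBCODES = {
  '525' => :user_not_found,
  '52e' => :invalid_credentials,
  '530' => :logon_hours_restricted,
  '531' => :workstation_restricted,
  '532' => :password_expired,
  '533' => :account_disabled,
  '701' => :account_expired,
  '773' => :password_must_change,
  '775' => :account_locked
}.freeze

# Policy choice (assumption): only password-change reasons get their own
# message; every other cause keeps the generic text so the login form does
# not reveal account state. The precise reason goes to the server log only.
USER_VISIBLE = {
  password_must_change: 'Your password must be changed before you can log in.',
  password_expired: 'Your password has expired and must be changed.'
}.freeze

GENERIC_MESSAGE = 'The Username or Password is incorrect, please try again.'

# Returns the reason symbol, or :unknown if no recognised sub-code is present.
def ad_bind_failure_reason(diagnostic)
  m = diagnostic.to_s.match(/AcceptSecurityContext error, data ([0-9a-f]+)/i)
  return :unknown unless m
  AD_SUBCODES.fetch(m[1].downcase, :unknown)
end

# Returns [message_for_user, reason_for_server_log].
def login_failure_response(diagnostic)
  reason = ad_bind_failure_reason(diagnostic)
  [USER_VISIBLE.fetch(reason, GENERIC_MESSAGE), reason]
end

# Constructed sample diagnostic strings (not taken from the report).
SAMPLE_MUST_CHANGE = '80090308: LdapErr: DSID-0C0903A9, comment: ' \
                     'AcceptSecurityContext error, data 773, v1db1'
SAMPLE_BAD_PASSWORD = '80090308: LdapErr: DSID-0C0903A9, comment: ' \
                      'AcceptSecurityContext error, data 52e, v1db1'

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_MUST_CHANGE, SAMPLE_BAD_PASSWORD, ''].each do |d|
    p login_failure_response(d)
  end
end
```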