"User must change password at next logon" flag set for users

67 views
Skip to first unread message

john downes

unread,
Nov 12, 2023, 11:49:29 AM11/12/23
to RCDevs Security
As part of the logon requirements for new users we set "user must change password at next logon" (pwdLastSet) attribute. This must be set due to customer requirements.

As we are using a read only instance of Active Directory when the users try to logon it fails during the RADIUS phase with LDAP password has expired. 

Is there a way to stop OTP from checking the "pwdLastSet" attribute or a client policy to stop this from happening?

Yoann Traut (RCDevs)

unread,
Nov 14, 2023, 5:07:48 AM11/14/23
to RCDevs Security
Hello, 

I discussed with dev team and we will check the possibilities to implement a setting and let the user enter if that setting is enabled when password is flagged as must be changed. 

Regards

Yoann Traut (RCDevs)

unread,
Nov 20, 2023, 11:00:11 AM11/20/23
to RCDevs Security
Hello, 

The requested feature has been added in the last WebADM version: 

2.3.9 (November 17 2023)
    - Added a client policy setting allowing login with failed LDAP passwords
      when password expired, must be reset or account is locked-out.


Regards
Reply all
Reply to author
Forward
0 new messages