-
Type:
Improvement
-
Status: Open (View Workflow)
-
Priority:
Major
-
Resolution: Unresolved
-
Component/s: active-directory-plugin, core, ldap-plugin
-
Labels:None
-
Similar Issues:
In the current situation, there is no check about the accounts that are disabled, locked or expired, or having their credentials expired in active-directory.
This ticket has the goal to improve the situation by reading as much as possible from the attributes returned by the server.
The PRs in ldap and active-directory uses the Microsoft's standard for the attribute names/values. I am not sure that's sufficient to cover most of the usage.