Hi There,

We use Active Directory (Server 2012) for user accounts and they are provisioned into Drupal when the user logs in.

When a user logs into a network machine for the first time they are prompted to change their password before they can continue.

If a remote user who has never logged in to the network before attempts to log into our Drupal site, the attempt is rejected with code 49 "Invalid credentials". Further investigation reveals the problem to be subcode 773 'USER MUST RESET PASSWORD' (taken from http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes#gsc.tab=0)

My apologies if I am wrong but from what I can see this case doesn't appear to be handled at present? - just seems to be treated as a standard Invalid Credentials error.

Thanks for looking,

-Brett

Comments

antarctica98 created an issue. See original summary.

grahl

Version: 7.x-2.0-beta11 » 8.x-3.x-dev

Hi

You are correct, we currently do not have any way of handling this scenario. Apparently we have to jump through a few hoops to actually get that additional information: http://stackoverflow.com/a/28816473/1603217

I am considering adding this in the following steps for 8:

  1. Provide functions to retrieve extended information
  2. Review existing hooks for extension to allow custom functionality for corner cases.
  3. Add ldap_authentication support for the extended attributes corner cases.

If someone wants to provide a back port for that for 7.x-2.x I'd be willing to commit it but would not invest time into creating it.
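
The extended-information lookup discussed in this thread could look like the following. This is an added example, not code from the LDAP module. The function names, the subcode table and the sample message are constructed for illustration, and it assumes the server is Active Directory, which puts the subcode in a `data NNN` field of the diagnostic message.

```php
<?php
// Added example, not code from the Drupal LDAP module.
// AD subcodes (hex) carried in the diagnostic message of a failed bind.
const AD_BIND_SUBCODES = [
    '525' => 'user not found',
    '52e' => 'invalid credentials',
    '530' => 'not permitted to log on at this time',
    '531' => 'not permitted to log on at this workstation',
    '532' => 'password expired',
    '533' => 'account disabled',
    '701' => 'account expired',
    '773' => 'user must reset password',
    '775' => 'account locked out',
];

/** Extract the AD subcode from a diagnostic message, or null if absent. */
function ad_bind_subcode(string $diagnostic): ?string {
    if (preg_match('/\bdata\s+([0-9a-f]+)\s*,/i', $diagnostic, $m)) {
        return strtolower($m[1]);
    }
    return null;
}

/** Bind and, on LDAP error 49, report the subcode instead of a bare failure. */
function ad_bind_with_reason($link, string $dn, string $password): array {
    if (@ldap_bind($link, $dn, $password)) {
        return ['ok' => true, 'subcode' => null, 'reason' => null];
    }
    $subcode = null;
    if (ldap_errno($link) === 49) { // 49 = invalid credentials
        $diagnostic = '';
        ldap_get_option($link, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diagnostic);
        $subcode = ad_bind_subcode((string) $diagnostic);
    }
    return [
        'ok' => false,
        'subcode' => $subcode,
        // Fall back to the generic LDAP error text for unknown subcodes.
        'reason' => AD_BIND_SUBCODES[$subcode ?? ''] ?? ldap_error($link),
    ];
}

// Constructed sample of the message AD attaches to a rejected bind.
$sample = '80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 773, v2580';
$code = ad_bind_subcode($sample);
printf("%s => %s\n", $code, AD_BIND_SUBCODES[$code ?? ''] ?? 'unknown');
```

Log the subcode server-side and choose deliberately which states are shown on the login form, since the distinct reasons describe account state.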

grahl

Status: Active » Postponed
grahl

Version: 8.x-3.x-dev » 8.x-4.x-dev
bluegeek9

Priority: Normal » Minor