Expired password form does not show up on LDAP expired password
Platform: CentOS 8 / Apache 2.4.37
LDAP Directory: FreeIPA v4.8.7
When a user logs in with an expired LDAP password, the portal does not show the password renewal form. The LDAP attribute used by FreeIPA for considering an account as expired is "krbPasswordExpiration".
See attached log auth_with_expired_pass.log
Evaluate expired status from krbPasswordExpiration attribute
I read about issue #2377 (closed), I can't say if it's linked or not.
The "_whatToTrace" macro has the value:
$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? lc($_user.'@'.$_oidc_OP) : lc($_user)
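
The check requested above, sketched as an added example that is not part of the original report and not the portal's own code: it parses a krbPasswordExpiration value and classifies the account. It assumes the attribute uses LDAP GeneralizedTime syntax and that an entry arrives as a dict of attribute name to list of string values; the function names and sample values are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# LDAP GeneralizedTime (RFC 4517): YYYYMMDDHH[MM[SS]][(.|,)fraction](Z|+hh[mm]|-hh[mm])
_GT = re.compile(
    r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})?(\d{2})?"
    r"(?:[.,](\d+))?(Z|[+-]\d{2}(?:\d{2})?)$"
)

def parse_generalized_time(value):
    """Return an aware UTC datetime for an LDAP GeneralizedTime string."""
    m = _GT.match(value.strip())
    if not m:
        raise ValueError(f"not a GeneralizedTime value: {value!r}")
    year, mon, day, hour, minute, sec, frac, tz = m.groups()
    dt = datetime(int(year), int(mon), int(day), int(hour),
                  int(minute or 0), int(sec or 0))
    if frac:
        # The fraction applies to the smallest time unit that is present.
        unit = 1 if sec else 60 if minute else 3600
        dt += timedelta(seconds=float("0." + frac) * unit)
    if tz == "Z":
        offset = timedelta(0)
    else:
        sign = 1 if tz[0] == "+" else -1
        offset = sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5] or 0))
    return (dt - offset).replace(tzinfo=timezone.utc)

def password_state(entry, now=None):
    """Classify an entry (dict: attribute name -> list of str values)."""
    now = now or datetime.now(timezone.utc)
    # LDAP attribute names are case-insensitive; client libraries differ in casing.
    values = next((v for k, v in entry.items()
                   if k.lower() == "krbpasswordexpiration"), [])
    if not values:
        return "no-expiration-set"
    try:
        expires = parse_generalized_time(values[0])
    except ValueError:
        return "unparseable"  # surface bad data instead of treating it as valid
    return "expired" if expires <= now else "valid"

if __name__ == "__main__":
    # Constructed sample entries, not taken from the attached log.
    ref = datetime(2021, 1, 15, 12, 0, tzinfo=timezone.utc)
    for uid, attrs in {
        "alice": {"krbPasswordExpiration": ["20210115093000Z"]},
        "bob": {"krbpasswordexpiration": ["20210415093000+0200"]},
        "svc": {},
    }.items():
        print(uid, password_state(attrs, now=ref))
```
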