In a Policy Server 12.52 SP1 CR1 environment with a Microsoft Active Directory 2008 User Directory (enhanced AD integration enabled, LDAP namespace), we expect a login with an expired account to be redirected to the password change page. Instead, when we use the password-expired login, the user is successfully authenticated and authorized, and no redirection to the password change page takes place. How can we fix this?
Investigation found that there is special handling for this Password Expired case (LDAP bind data code 532): the code sets a reason code that is meant to trigger the redirection to the password change page, but the redirection does not happen. The caller of that function ignores the nReason value and authenticates the user based solely on the Boolean return value (true).
A registry key has been added to control this behaviour:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider
Value name: ADPasswordPolicyPrioritySet
Type: DWord
Value: 1 to enable, 0 to disable
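The following PowerShell script is an added example, not part of the article or of the product's own tooling. It creates the key if it is missing, sets ADPasswordPolicyPrioritySet to 1 on a Windows Policy Server, and reads the value back so a typo in the path or a failed write is caught immediately. It assumes the Policy Server reads the key at startup (so the service must be restarted afterwards) and that the service name used in the commented restart line matches your installation; check it with Get-Service before uncommenting.

```powershell
# Added example (not from the KB article): enable ADPasswordPolicyPrioritySet on a
# Windows Policy Server and verify the write. Run from an elevated PowerShell session.
# Assumption: the Policy Server reads this key at startup, so it is restarted afterwards.

$keyPath   = 'HKLM:\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider'  # path from the article
$valueName = 'ADPasswordPolicyPrioritySet'
$enable    = 1   # 1 = enable, 0 = disable (per the article)

# Create the key if it does not exist yet.
if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# Record the previous value so the change can be reverted if needed.
$previous = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $previous) {
    Write-Host "$valueName not present; creating it."
} else {
    Write-Host "$valueName currently = $previous"
}

# Write the DWORD. Set-ItemProperty creates the value if it is missing and enforces the type.
Set-ItemProperty -Path $keyPath -Name $valueName -Value $enable -Type DWord

# Read it back and fail loudly if the write did not take.
$current = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
if ($current -ne $enable) {
    throw "Expected $valueName = $enable but found $current"
}
Write-Host "$valueName set to $current (1 = expired-password logins are redirected to the change page)"

# Restart the Policy Server so the new setting is picked up.
# The service name below is an assumption; confirm it with Get-Service first.
# Restart-Service -Name 'SiteMinder Policy Server'
```

After the restart, repeat the expired-password login from the question: the expected result is a redirect to the password change page rather than a successful authorization. Keep the recorded previous value so the change can be rolled back by setting the DWORD to 0.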