Forum Discussion

Nimbostratus

Aug 07, 2024

How to Disable fields after AD Password expired

Hi everyone. We have a F5 v17.1.0.3 with APM Profile configured in standard mode customization configuration. We would like to disable the fields "New Password" and "Verify Password" after the AD ...

APM

Injeyan_Kostas

Cirrus

Aug 11, 2024

If I understand well, you do not want to give user the option to create new password when previous one is expired.

This is actually a default behavior of AD Auth

One option is to use AD Query before AD Auth and add this "Expression: expr {[mcget {session.ad.last.queryresult}] == 0 && [ string tolower [mcget {session.ad.last.errmsg}]] contains [ string tolower "Password has expired"]}" as a branch with a custom deny ending.

Second option is to use LDAP Auth instead AD Auth.

SecOps_AX-SP
Nimbostratus
Sep 27, 2024
Thanks Injeyan.

Finally we used the LDAP Auth option.
This involved changing the config in the Auth policy but it worked fine. 🙂

Regards.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

How to Disable fields after AD Password expired

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

AD password expired

Password Safety & Security: Passwords vs. Passphrases

LTM Certificate expire

Automate scp transfers using password

Expired ssl warning

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS