Custom RequiredAction to change/validate password

Hi,
I am researching a way to allow a user to change an expired password. OpenLDAP is used as user federation, and so far we have managed to make a custom LDAP mapper (not sure if it is necessary, though) that reads the required attributes and “decides” whether the user shall change his password. As a starting point, we used the MSAD mapper.

Now, I think (hope) adding a custom RequiredAction in cases when the user has to change the password is sufficient. I am not sure how to programmatically add this action (I would like to avoid changing flows if possible)?

Also, I am unsure how to avoid the connection type (read/write/unsync) in the LDAP provider - I don’t need this at all, since changing the password will be done by the admin REST API available on the host PC, so it is not related to LDAP at all. Do I need a custom provider for this also?

Kindest regards