Task #2968
open
Password expiration will not process user in excluded state
0%
Description
Long running task PasswordExpiredTaskExecutor doesn't process users in excluded state.
We want also for this kind of users set this flag into end system.
Please it is possible update the LRT PasswordExpiredTaskExecutor that also users in excluded state will be included :)
Related issues
Updated by Ondřej Kopr about 3 years ago
Now doesn't exist simple workaround that process excluded users :( only project specific LRT
Updated by Radek Tomiška about 3 years ago
Lookout: Excluded users = Inactive users (see #1724). Are you sure, you want to notify inactive users?
Updated by Radek Tomiška about 3 years ago
- Related to Task #1724: Filtering and labeling of excluded users added
Updated by Vladimír Kotýnek about 3 years ago
The LRT won't process "manually disabled" or "left" or any "disabled" identities too. Funny thing is that the LRT processes them after they are switched back to "valid" state. The disabled identities are not present in the queue of the LRT. This might cause situations where an employee quits a job in organization and is rehired later (e.g. after few years) or returns after "exclusion", her/his identity is enabled by sync of HR system and HR processes and after that she/he receives a notification about password expiration.
I would be very careful when implementing this change because after deploying it CzechIdM might send a lot of unwanted notifications. There will be plenty of disabled identities with expired password which are not present in the LRT's queue.
Also I don't think it's a good idea to notify disabled users. I understand your need to do the provisioning on the account regardless of the identity state.