Task #2968
open
Password expiration will not process user in excluded state
Added by Ondřej Kopr over 2 years ago.
Updated over 2 years ago.
Description
Long running task PasswordExpiredTaskExecutor doesn't process users in excluded state.
We want also for this kind of users set this flag into end system.
Please it is possible update the LRT PasswordExpiredTaskExecutor that also users in excluded state will be included :)
Now doesn't exist simple workaround that process excluded users :( only project specific LRT
Lookout: Excluded users = Inactive users (see #1724). Are you sure, you want to notify inactive users?
- Related to Task #1724: Filtering and labeling of excluded users added
The LRT won't process "manually disabled" or "left" or any "disabled" identities too. Funny thing is that the LRT processes them after they are switched back to "valid" state. The disabled identities are not present in the queue of the LRT. This might cause situations where an employee quits a job in organization and is rehired later (e.g. after few years) or returns after "exclusion", her/his identity is enabled by sync of HR system and HR processes and after that she/he receives a notification about password expiration.
I would be very careful when implementing this change because after deploying it CzechIdM might send a lot of unwanted notifications. There will be plenty of disabled identities with expired password which are not present in the LRT's queue.
Also I don't think it's a good idea to notify disabled users. I understand your need to do the provisioning on the account regardless of the identity state.
Also available in: Atom
PDF
