Closed yufukui-m closed 1 year ago
Do you have a little more information for me on why this modification is needed? If a user is disabled, the login should already fail.
yes, a new bind request always fail for a disabled user. but once after login succeed, cached passwords are always valid and not synced. this pull-request changes behavior after the first login, invalidate password of disabled users when syncing users with azure ad.
Oh, I see. This way no unnecessary password ends up in the cache. That's fine for me :)
reset password if an account disabled. after re-enabling a user, new bind request is required.