LDAP Password-Expiry Password-Renewal Features
Hi,
We have successfully integrated FreeIPA (LDAP) with a FortiGate 60E. We are using this setup to authenticate VPN-SSL clients with credentials stored in the LDAP server. What we are trying to do now is to receive a password expiration prompt on FortiClients in order to perform password renewal directly within the client. For this reason we enabled the following features on our FortiGate appliance:
set password-expiry-warning enable
set password-renewal enable
After committing these changes, a user with an expired password can still connect to the VPN using his credentials. No warning or password change prompts are displayed on the FortiClient side.
Are these features available only for Microsoft AD? Full LDAP config and environment details are provided below.
Thanks in advance
SW Version Details
FreeIPA version: 4.5.4
FortiGate E60 v6.0.2 build0163 (GA)
FortiClient 6.0.0.0067
Full LDAP Config on FortiGate 60E
show user ldap
config user ldap
    edit "FreeIPA"
        set server "ldap.ourdomain.local"
        set cnid "uid"
        set dn "cn=accounts,dc=ourdomain,dc=local"
        set type regular
        set username "uid=admin,cn=users,cn=accounts,dc=ourdomain,dc=local"
        set password ENC ****
        set secure ldaps
        set port 636
        set password-expiry-warning enable
        set password-renewal enable
    next
end