yeah, I don't think the outlook connector handles "must change" password errors at login. I'll ask around.
It really shouldn't be a performance issue to bind on logins. We just didn't have to internally since we already did the read to get the LDAP entry and we have the userPassword attr sitting there. If we supported {crypt} we could avoid the bind as well. Should be fairly trivial to do.
roland |