Reporting my experience: on an enterprice installation with LDAP login
We had to force the password expiration for security reason. This resulted in a lot of people trying to login on nextcloud with the old (to change) password before they realized to change password pressing CTRL+ALT+DEL on their windows clients. In the meantime our IP was banned and the browser returned a 500 gateway error. No logs anywhere. Very mad.