Has anyone gotten any version of the code to work with OpenLDAP?  From what
I understand, OpenLDAP doesn't send the extended error messages (account
locked, password expired, etc) like SunDS and Active Directory do, so
there's no way to tell one authentication exception from another.  I think
the only way to get this working with all LDAP servers would be to modify
Spring-LDAP to handle the LDAP-ppolicy extensions like Spring-Security does
*(*
http://static.springsource.org/spring-security/site/apidocs/index.html?org/springframework/security/ldap/ppolicy/package-use.html)
 That's probably a much bigger project, so it may be better to continue
fixing/cleaning up the existing code and building a module with a caveat
that it only works with certain LDAP servers.  Then, once the LDAP-ppolicy
support is available and it can support OpenLDAP it could be merged into
core.

-Eric


On Wed, Aug 24, 2011 at 5:27 PM, William G. Thompson, Jr.
<[email protected]>wrote:

> LPPE status update...
>
> 3.4.8 patch applied and tagged:
>
> https://source.jasig.org/sandbox/cas-password-policy/tags/cas-server-support-ldap-pwd-expiration-3.4.8/
>
> CAS 3.4.10 changes pulled into LPPE and tagged:
>
> https://source.jasig.org/sandbox/cas-password-policy/tags/cas-server-support-ldap-pwd-expiration-3.4.10/
>
> https://wiki.jasig.org/display/CASUM/LDAP+Password+Policy+Enforcement
> updated with the current status.
>
> I have *not* run this code and have no idea if it is functional yet.
> I plan to do that next.
>
> Generally it looks this module is mostly additions with very few
> modifications.  At first glance it seems like it could be incorporated
> into the core with modest evolution.    Check out the merge notes
> here:
>
> https://wiki.jasig.org/display/CASUM/LDAP+Password+Policy+Enformcement+3.4.10+Upgrade+Notes
>
> Perhaps LPPE is a reasonable candidate for CAS 3.5.
>
> Also looks like it might be possible to split this out into a module
> (jars), plus a maven overlay.  Would appreciate feedback from folks on
> how they are incorporating this code today.
>
> Best,
> Bill
>
>
>
> On Tue, Aug 23, 2011 at 10:24 AM, William G. Thompson, Jr.
> <[email protected]> wrote:
> > Folks,
> >
> > I'm working on a new CAS deployment based on 3.4.10.  We have a
> > requirement to implement LDAP Password Policy Enforcement.
> > https://wiki.jasig.org/display/CASUM/LDAP+Password+Policy+Enforcement
> >
> > The wiki page describes the state of the module.  SVN is here:
> > https://source.jasig.org/sandbox/cas-password-policy/ and the latest
> > tag is for CAS 3.4.7.  There's also a patch file on the wiki for 3.4.8
> > that's not in SVN.
> >
> > I started a branch to track CAS 3.4.x here:
> >
> https://source.jasig.org/sandbox/cas-password-policy/branches/cas-server-support-ldap-pwd-expiration-3.4.x/
> >
> > I intend to apply the 3.4.8 patch, cut a tag, and then bring the 3.4.x
> > branch up to 3.4.10, and cut another tag.  I'd like to get to a
> > sustainable process and possibly figure out how to get this into the
> > core at some point if that makes sense.
> >
> > Appreciate any feedback, help, etc.
> >
> > Best,
> > Bill
> >
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>
>


-- 
Eric Pierce
Identity Management Architect
Information Technology
University of South Florida
(813) 974-8868 -- [email protected]

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev

Reply via email to