Has anyone gotten any version of the code to work with OpenLDAP? From what I understand, OpenLDAP doesn't send the extended error messages (account locked, password expired, etc) like SunDS and Active Directory do, so there's no way to tell one authentication exception from another. I think the only way to get this working with all LDAP servers would be to modify Spring-LDAP to handle the LDAP-ppolicy extensions like Spring-Security does *(* http://static.springsource.org/spring-security/site/apidocs/index.html?org/springframework/security/ldap/ppolicy/package-use.html) That's probably a much bigger project, so it may be better to continue fixing/cleaning up the existing code and building a module with a caveat that it only works with certain LDAP servers. Then, once the LDAP-ppolicy support is available and it can support OpenLDAP it could be merged into core.
-Eric On Wed, Aug 24, 2011 at 5:27 PM, William G. Thompson, Jr. <[email protected]>wrote: > LPPE status update... > > 3.4.8 patch applied and tagged: > > https://source.jasig.org/sandbox/cas-password-policy/tags/cas-server-support-ldap-pwd-expiration-3.4.8/ > > CAS 3.4.10 changes pulled into LPPE and tagged: > > https://source.jasig.org/sandbox/cas-password-policy/tags/cas-server-support-ldap-pwd-expiration-3.4.10/ > > https://wiki.jasig.org/display/CASUM/LDAP+Password+Policy+Enforcement > updated with the current status. > > I have *not* run this code and have no idea if it is functional yet. > I plan to do that next. > > Generally it looks this module is mostly additions with very few > modifications. At first glance it seems like it could be incorporated > into the core with modest evolution. Check out the merge notes > here: > > https://wiki.jasig.org/display/CASUM/LDAP+Password+Policy+Enformcement+3.4.10+Upgrade+Notes > > Perhaps LPPE is a reasonable candidate for CAS 3.5. > > Also looks like it might be possible to split this out into a module > (jars), plus a maven overlay. Would appreciate feedback from folks on > how they are incorporating this code today. > > Best, > Bill > > > > On Tue, Aug 23, 2011 at 10:24 AM, William G. Thompson, Jr. > <[email protected]> wrote: > > Folks, > > > > I'm working on a new CAS deployment based on 3.4.10. We have a > > requirement to implement LDAP Password Policy Enforcement. > > https://wiki.jasig.org/display/CASUM/LDAP+Password+Policy+Enforcement > > > > The wiki page describes the state of the module. SVN is here: > > https://source.jasig.org/sandbox/cas-password-policy/ and the latest > > tag is for CAS 3.4.7. There's also a patch file on the wiki for 3.4.8 > > that's not in SVN. > > > > I started a branch to track CAS 3.4.x here: > > > https://source.jasig.org/sandbox/cas-password-policy/branches/cas-server-support-ldap-pwd-expiration-3.4.x/ > > > > I intend to apply the 3.4.8 patch, cut a tag, and then bring the 3.4.x > > branch up to 3.4.10, and cut another tag. I'd like to get to a > > sustainable process and possibly figure out how to get this into the > > core at some point if that makes sense. > > > > Appreciate any feedback, help, etc. > > > > Best, > > Bill > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- Eric Pierce Identity Management Architect Information Technology University of South Florida (813) 974-8868 -- [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
