> Has anyone gotten any version of the code to work with OpenLDAP? No AFAIK.
> OpenLDAP doesn't send the extended error messages (account > locked, password expired, etc) like SunDS and Active Directory do, so > there's no way to tell one authentication exception from another. The the ppolicy strategy you mentioned is a viable alternative. I'm picturing a pluggable password expiration policy framework where the existing extended error-code mechanism is one implementation and ppolicy another for OpenLDAP. We have the resources and interest to pursue the ppolicy implementation once the framework matures to support multiple implementations. No argument it significantly increases the complexity, but it's necessary complexity for coverage of an important directory like OpenLDAP. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
