When binding successfully to a ppolicy enabled ldap server, a warning
message about timeBeforeExpiration or graceAuthNsRemaining might also be
included in server's response.
We're aware of ppolicy and it's on our radar in terms of the evolution
of the LDAP password policy enforcement (LPPE) effort that's been going
on for a while now and will see the light of day in the 3.5 release. At
present it only supports Active Directory, but it could be adapted for
other password expiration mechanisms (with refactoring) with some effort.
Is there a way to propagate this message (from
authenticateUsernamePasswordInternal in BindLdapAuthenticationHandler) so
that it will be available later (i.e for showing a relevant view)?
Not at present. I'll just throw a curve ball out there and see where it
lands:
http://www.ldaptive.org/docs/guide/authentication/accountstate
You could build a custom AuthenticationHandler around that and throw
custom exceptions on states of interest as a way of communicating with
the higher level components, which is how LPPE works.
M
--
You are currently subscribed to cas-dev@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
