Hi, thanks i found https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html#configuration-1
1 <alias name="ldapPasswordPolicyConfiguration" alias="passwordPolicyConfiguration" /> The following settings are applicable: 1 2 3 # password.policy.warnAll=false # password.policy.warningDays=30 # password.policy.url=https://password.example.edu/change Next, in your ldapAuthenticationHandler bean, configure the password policy configuration above: 1 2 3 4 5 <bean id="ldapAuthenticationHandler" class="org.jasig.cas.authentication.LdapAuthenticationHandler" p:passwordPolicyConfiguration-ref="passwordPolicyConfiguration"> ...</bean> Next, make sure Authenticator is set to enable/use password policy: 1 2 3 4 5 <ldaptive:bind-search-authenticator id="authenticator" ... usePasswordPolicy="${ldap.usePpolicy:true}" .../> 在 2016年12月6日星期二 UTC+8下午10:23:57,Ben Howell-Thomas写道: > > Hi, > > First post! > > I don't think CAS has a say in how it binds. > > However I remember seeing an option in openldap somewhere (sorry, just > learning openldap myself, can't remember where) that said it would always > return an invalid credentials message to avoid giving away that it's a real > username. > > Ben > > On 6 December 2016 at 13:25, liu chenghai <[email protected] <javascript:> > > wrote: > >> Hi, >> I use ppolicy overlay and enabled ppolicy_use_lockout to separate between >> invalid password and locked accounts on openldap. >> >> >> I tried to lock a user account by entering a wrong password couple of >> times (pwdMaxFailure) >> >> The user is being locked but when I try to login again I still get the >> same error: >> >> Invalid credentials (49) >> >> the slapo-ppolicy(5) main page states quite clearly that >> ppolicy_use_lockout only affects the ppolicy response control. CAS must >> Bind using the ppolicy request control in order to generate this result >> code. >> Is cas binding this way? >> >> -- >> - CAS gitter chatroom: https://gitter.im/apereo/cas >> - CAS mailing list guidelines: >> https://apereo.github.io/cas/Mailing-Lists.html >> - CAS documentation website: https://apereo.github.io/cas >> - CAS project website: https://github.com/apereo/cas >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/bbcbe0fa-058b-4ed3-b6ec-ff2649cef522%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/bbcbe0fa-058b-4ed3-b6ec-ff2649cef522%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > > > This email is sent on behalf of Northgate Public Services (UK) Limited and > its associated companies including Rave Technologies (India) Pvt Limited > (together "Northgate Public Services") and is strictly confidential and > intended solely for the addressee(s). > If you are not the intended recipient of this email you must: (i) not > disclose, copy or distribute its contents to any other person nor use its > contents in any way or you may be acting unlawfully; (ii) contact > Northgate Public Services immediately on +44(0)1908 264500 quoting the name > of the sender and the addressee then delete it from your system. > Northgate Public Services has taken reasonable precautions to ensure that > no viruses are contained in this email, but does not accept any > responsibility once this email has been transmitted. You should scan > attachments (if any) for viruses. > > Northgate Public Services (UK) Limited, registered in England and Wales > under number 00968498 with a registered address of Peoplebuilding 2, > Peoplebuilding Estate, Maylands Avenue, Hemel Hempstead, Hertfordshire, HP2 > 4NN. Rave Technologies (India) Pvt Limited, registered in India under > number 117068 with a registered address of 2nd Floor, Ballard House, Adi > Marzban Marg, Ballard Estate, Mumbai, Maharashtra, India, 400001. > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d7b4d97d-5cff-4fa6-b9a5-faf75fb85ace%40apereo.org.
