This is a completely different problem than the one you were talking about a few messages ago. You really should start a new thread for a new problem, to help other people searching the forum for answers.
As for this problem, have you enabled the password management features of the CAS server? Those would need to be enabled for it to detect the "change password at next login" state and do something intelligent with it. (We don't use those features, so I don't know for sure that they handle that particular condition, but I assume they do.) -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu On Tue, Nov 27, 2018 at 1:53 AM Sudhan Samyraj < sud...@eluminaelearning.com.au> wrote: > Hi David, > > I will describe my problem clearly , please help me > to sort it out once the user login with the userprincipalname it is login > me fine. > > if once i click the user must change password at next login checbox in AD > the user in not able to login in CAS. > > Regards, > > [image: photo] > S.Sudhanraj > Network Engineer > > A: 309 Kent Street, Sydney, NSW 2000 > <https://maps.google.com/?q=309+Kent+Street,+Sydney,+NSW&entry=gmail&source=g> > > > > Email: helpd...@eluminaelearning.com.au > > > On Tue, Nov 27, 2018 at 12:29 AM David Curry <david.cu...@newschool.edu> > wrote: > >> What version of CAS are you using? >> What "login error" are you getting (include the actual text of the error)? >> Do you see any errors in your log file(s) about it? If so, what are they >> (copy and paste relevant lines)? >> Have you tried turning on debug-level logging? Did it tell you anything? >> If so, what (copy and paste relevant lines)? >> Please do share your cas.properties, at least the LDAP-related bits, so >> we can see what you're doing. >> >> I'm guessing, since you say you're getting a login error rather than a >> startup error, that you're not experiencing the same issue as the original >> poster was, so I'm a little unclear as to why you're posing in this thread >> instead of starting a new one? (If you are having the same issue as the >> original poster, the answer to that problem is in the second post in this >> thread.) >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR OF INFORMATION SECURITY* >> THE NEW SCHOOL • INFORMATION TECHNOLOGY >> >> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> +1 212 229-5300 x4728 • david.cu...@newschool.edu >> >> >> On Mon, Nov 26, 2018 at 1:30 PM Sudhan Samyraj < >> sud...@eluminaelearning.com.au> wrote: >> >>> Hi Ray >>> >>> The forum is very helpful for me but my issue was >>> not fixed >>> >>> by using this cas.authn.ldap[0].userFilter: >>> sAMAccountName={user} am getting login error >>> >>> can i share my cas.properties file please help me to sort it out >>> >>> >>> [image: photo] >>> S.Sudhanraj >>> Network Engineer >>> >>> A: 309 Kent Street, Sydney, NSW 2000 >>> <https://maps.google.com/?q=309+Kent+Street,+Sydney,+NSW&entry=gmail&source=g> >>> >>> >>> >>> Email: helpd...@eluminaelearning.com.au >>> >>> >>> On Mon, Nov 26, 2018 at 11:26 PM Ray Bon <r...@uvic.ca> wrote: >>> >>>> Could this conversation be of help: >>>> >>>> https://groups.google.com/a/apereo.org/forum/?utm_medium=email&utm_source=footer#!searchin/cas-user/sAMAccountname/cas-user/C0KcFq97yVg/qR7VuogOAgAJ >>>> >>>> A general search for sAMAccountname: >>>> >>>> https://groups.google.com/a/apereo.org/forum/?utm_medium=email&utm_source=footer#!searchin/cas-user/sAMAccountname;context-place=msg/cas-user/e_zIvfJPil8/yhehxDT-CQAJ >>>> >>>> Ray >>>> >>>> On Mon, 2018-11-26 at 09:48 -0800, Sudhan Samyraj wrote: >>>> >>>> Hi Please anyone suggest me below, >>>> >>>> I have sync the moodle and AD is working fine for me and sync the ad & >>>> cas it is not considering the sAMAccountname >>>> >>>> It is taking me to login only with the display name, please share any >>>> configuration for common attributes between sAMAccountname / >>>> Useprincipalname and cas. >>>> >>>> Regards, >>>> S.Sudhanraj >>>> >>>> On Tuesday, March 27, 2018 at 7:59:17 AM UTC+5:30, darin.russell wrote: >>>> >>>> Hello All >>>> >>>> I've been running CAS 5.2.4-SNAPSHOT using LDAP authentication with no >>>> problems. When I try to use CAS 5.3.0-RC2 I get errors with my >>>> >>>> cas.authn.ldap[0].userFilter=cn={user} >>>> >>>> property. When I have it in my cas.properties file, CAS exits with the >>>> following error on startup - >>>> >>>> 2018-03-27 00:59:53,803 WARN >>>> [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered >>>> during context initialization - cancelling refresh attempt: >>>> org.springframework.beans.factory.BeanCreationException: Error creating >>>> bean with name 'casBeanValidationPostProcessor' defined in class path >>>> resource [org/apereo/cas/config/CasCoreUtilConfiguration.class]: >>>> BeanPostProcessor before instantiation of bean failed; nested exception is >>>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error >>>> creating bean with name >>>> 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration': >>>> Unsatisfied dependency expressed through method 'setConfigurers' parameter >>>> 0; nested exception is >>>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error >>>> creating bean with name 'casCoreTicketsConfiguration': Unsatisfied >>>> dependency expressed through field 'casProperties'; nested exception is >>>> org.springframework.beans.factory.BeanCreationException: Error creating >>>> bean with name >>>> 'cas-org.apereo.cas.configuration.CasConfigurationProperties': Could not >>>> bind properties to CasConfigurationProperties (prefix=cas, >>>> ignoreInvalidFields=false, ignoreUnknownFields=false, >>>> ignoreNestedProperties=false); nested exception is >>>> org.springframework.boot.bind.RelaxedBindingNotWritablePropertyException: >>>> Failed to bind 'cas.authn.ldap[0].userFilter' from >>>> 'applicationProfilesProperties' to 'authn.ldap[0].userFilter' property on >>>> 'org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties'> >>>> >>>> >>>> If I comment the property out, CAS gets to the point of trying to >>>> initialize my direct bind to the LDAP server, but then stops with this >>>> error - >>>> >>>> 2018-03-27 01:22:16,484 WARN >>>> [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered >>>> during context initialization - cancelling refresh attempt: >>>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error >>>> creating bean with name 'authenticationTransactionManager' defined in class >>>> path resource >>>> [org/apereo/cas/config/CasCoreAuthenticationConfiguration.class]: >>>> Unsatisfied dependency expressed through method >>>> 'authenticationTransactionManager' parameter 0; nested exception is >>>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error >>>> creating bean with name 'casAuthenticationManager' defined in class path >>>> resource [org/apereo/cas/config/CasCoreAuthenticationConfiguration.class]: >>>> Unsatisfied dependency expressed through method 'casAuthenticationManager' >>>> parameter 2; nested exception is >>>> org.springframework.beans.factory.BeanCreationException: Error creating >>>> bean with name 'authenticationEventExecutionPlan' defined in class path >>>> resource [org/apereo/cas/config/CasCoreAuthenticationConfiguration.class]: >>>> Bean instantiation via factory method failed; nested exception is >>>> org.springframework.beans.BeanInstantiationException: Failed to instantiate >>>> [org.apereo.cas.authentication.AuthenticationEventExecutionPlan]: Factory >>>> method 'authenticationEventExecutionPlan' threw exception; nested exception >>>> is org.springframework.beans.factory.BeanCreationException: Error creating >>>> bean with name 'ldapAuthenticationHandlers' defined in class path resource >>>> [org/apereo/cas/config/LdapAuthenticationConfiguration.class]: Bean >>>> instantiation via factory method failed; nested exception is >>>> org.springframework.beans.BeanInstantiationException: Failed to instantiate >>>> [java.util.Collection]: Factory method 'ldapAuthenticationHandlers' threw >>>> exception; nested exception is java.lang.IllegalArgumentException: To >>>> create a search entry resolver, user filter cannot be empty/blank> >>>> >>>> I know CAS 5.3.0 has made changes to configuration binding behaviour, >>>> and I have found and made some changes to my cas.properties, but I can't >>>> work this one out. I've searched through the current Development docs, but >>>> can't find any reference to cas.authn.ldap[0].userFilter anywhere! Has it >>>> been changed, and I am missing the new name, or is this a bug? I am at a >>>> loss. >>>> >>>> Thanks in advance >>>> Darin >>>> >>>> Darin Russell >>>> Assistant Manager Information Technology - Moore Theological College >>>> >>>> >>>> Phone: +61 2 9577 9893 | >>>> Address: 1 King Street, Newtown NSW 2042 Australia | Web: >>>> www.moore.edu.au | >>>> CRICOS Provider Code: 00682B >>>> >>>> Important Notice: This email is for the named recipient only. Its >>>> contents are confidential and may contain legally privileged information. >>>> The unauthorised use, disclosure, copying or alteration of this message is >>>> strictly forbidden. If you receive this email in error, please contact the >>>> sender immediately and delete the email and all attachments from your >>>> system. This email is subject to copyright. Copyright: Moore Theological >>>> College Council. >>>> >>>> -- >>>> Ray Bon >>>> Programmer analyst >>>> Development Services, University Systems >>>> 2507218831 | CLE 019 | r...@uvic.ca >>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to cas-user+unsubscr...@apereo.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1543254997.2846.5.camel%40uvic.ca >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1543254997.2846.5.camel%40uvic.ca?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+unsubscr...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpDKNTW-8enoDhG5Psn4pBQQjvVVOYfVHk%3DOa6TC%2BVw9pBNUA%40mail.gmail.com >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpDKNTW-8enoDhG5Psn4pBQQjvVVOYfVHk%3DOa6TC%2BVw9pBNUA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+unsubscr...@apereo.org. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAM-Wo_FUq%2Beq6Q%3DoG1jvr_TBF1WunFTjzUQ5-cnh60Nmg%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAM-Wo_FUq%2Beq6Q%3DoG1jvr_TBF1WunFTjzUQ5-cnh60Nmg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpDKNRBTEs81CJfDo5GzvO4BF1LnfJp6EKdiytqNkMV7NK-yQ%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpDKNRBTEs81CJfDo5GzvO4BF1LnfJp6EKdiytqNkMV7NK-yQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMtAkXzL2Zy804KBeBMZCfjUMxhw05EBTJsMBAJBxDZ_Q%40mail.gmail.com.
