On Wed, 06 May 2009 10:21:09 -0400, Eric Pierce wrote > How are you testing the login? Are you just going directly to the CAS login page or using a CAS-protected service that directs you to the login page? The warning won't come up if you just go to the CAS login page and don't specify a service because PasswordWarningCheck isn't run until after the TGT and Service Ticket are generated.
I did not understand that, so I tried with http://127.0.0.1/cas/login. Now, I get this in catalina.out: 2009-05-06 16:53:47,557 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Search Filter: 'mail=%u'> 2009-05-06 16:53:47,557 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Expire Date Attribute: 'shadowexpire'> 2009-05-06 16:53:47,557 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Warning Days Attribute: 'shadowwarning '> 2009-05-06 16:53:47,558 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Default Warning Days: '20'> 2009-05-06 16:53:47,558 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date format: 'openldap'> > Have you tried logging in with an account that is expired or locked? Do you get the error pages or a generic "password incorrect" message? Yes, the account I use is expired (shadowExpire = 13000; 5th aug 2005). I can not see any search on the ldap server about shadow parameters of the account I use. Since we use openldap, we have to modify LdapPasswordWarningCheck.java. When dateFormat == 'openldap' the expire date of the account will be set as days from 1970-01-01 and the expire date of the password will be set as shadowlastchange (days from 1970-01-01 of the last change) plus shadowMax days. Now I am trying again with http://127.0.0.1:8080/cas/login?service=<some service>. I am granted a service ticket and redirected to the service without checking account expiration. Thank you for your help Marco Panella -- Universita' degli Studi di Parma (http://www.unipr.it) -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
