On Wed, 06 May 2009 14:08:19 -0400, Eric Pierce wrote
> With OpenLdap, you'll need to use the ppolicy overlay
> (http://linux.die.net/man/5/slapo-ppolicy) to enforce password policies at the
> server level.  The purpose of the CAS module wasn't to enforce the policies, I
> just wanted to give the user more information about why the server denied
> their login.  To have CAS enforce the expiration date, take a look at the work
> that Bart Ophelders & Johan Peeters did here:
> http://www.ja-sig.org/wiki/display/CAS/Expired+Password+Integration

Ok, we will do it.
 
> You should still be seeing an LDAP search and log messages when you login
> even without the ppolicy overlay.  Can you send a copy of your
> login-webflow.xml ?  There must be some problem there.

This is the LDAP server log:
May  7 08:51:06 ldapm slapd[8974]: conn=29633 fd=29 ACCEPT from IP=160.78.48.23:58228 (IP=0.0.0.0:389)
May  7 08:51:06 ldapm slapd[8974]: conn=29633 op=0 BIND dn="cn=Browsing Joe,dc=LDAP,ou=CCE,ou=Strutture,dc=unipr,dc=it" method=128
May  7 08:51:06 ldapm slapd[8974]: conn=29633 op=0 BIND dn="cn=Browsing Joe,dc=LDAP,ou=CCE,ou=Strutture,dc=unipr,dc=it" mech=SIMPLE ssf=0
May  7 08:51:06 ldapm slapd[8974]: conn=29633 op=0 RESULT tag=97 err=0 text=
May  7 08:51:06 ldapm slapd[8974]: conn=29633 op=1 SRCH base="ou=people,dc=unipr,dc=it" scope=2 deref=3 filter="([email protected])"
May  7 08:51:06 ldapm slapd[8974]: conn=29633 op=1 SRCH attr=1.1
May  7 08:51:06 ldapm slapd[8974]: conn=29633 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May  7 08:51:06 ldapm slapd[8974]: conn=29634 fd=40 ACCEPT from IP=160.78.48.23:58229 (IP=0.0.0.0:389)
May  7 08:51:06 ldapm slapd[8974]: conn=29634 op=0 BIND dn="cn=Studente Test (01),ou=Studenti,ou=People,dc=unipr,dc=it" method=128
May  7 08:51:06 ldapm slapd[8974]: conn=29634 op=0 BIND dn="cn=Studente Test (01),ou=Studenti,ou=People,dc=unipr,dc=it" mech=SIMPLE ssf=0
May  7 08:51:06 ldapm slapd[8974]: conn=29634 op=0 RESULT tag=97 err=0 text=

and no search for shadowexpire or shadowwarning.

I did not make any change to login-webflow.xml from the svn version.
Did I have to?

best regards
Marco Panella

-- 
 Universita' degli Studi di Parma (http://www.unipr.it)
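
Added example, not part of the original message or of the CAS project's code: a small checker that does the by-eye inspection above over a slapd log, reporting which search operations asked for shadowExpire or shadowWarning. The sample log, its DNs and the function names are constructed for illustration, and the script assumes one log entry per line (no mail-client wrapping).

```python
import re

# Constructed sample in slapd's stats-log format, one entry per line
# (host, DNs and uid are placeholders, not the log from the message).
SAMPLE_LOG = """\
May  7 08:51:06 ldap slapd[100]: conn=1 op=0 BIND dn="cn=reader,dc=example,dc=org" method=128
May  7 08:51:06 ldap slapd[100]: conn=1 op=1 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=3 filter="(uid=test01)"
May  7 08:51:06 ldap slapd[100]: conn=1 op=1 SRCH attr=1.1
May  7 08:51:06 ldap slapd[100]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May  7 08:51:07 ldap slapd[100]: conn=2 op=0 BIND dn="cn=reader,dc=example,dc=org" method=128
May  7 08:51:07 ldap slapd[100]: conn=2 op=1 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=3 filter="(uid=test01)"
May  7 08:51:07 ldap slapd[100]: conn=2 op=1 SRCH attr=shadowExpire shadowWarning
May  7 08:51:07 ldap slapd[100]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

SRCH_BASE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)"')
SRCH_ATTR = re.compile(r"conn=(\d+) op=(\d+) SRCH attr=(.*)$")
WANTED = {"shadowexpire", "shadowwarning"}  # compared case-insensitively

def searches(log_text):
    """Map (conn, op) -> {'base': str, 'attrs': [str]} for each SRCH operation."""
    ops = {}
    for line in log_text.splitlines():
        m = SRCH_BASE.search(line)
        if m:
            key = (int(m.group(1)), int(m.group(2)))
            ops.setdefault(key, {"base": None, "attrs": []})["base"] = m.group(3)
            continue
        m = SRCH_ATTR.search(line)
        if m:
            key = (int(m.group(1)), int(m.group(2)))
            ops.setdefault(key, {"base": None, "attrs": []})["attrs"] = m.group(3).split()
    return ops

def shadow_lookups(log_text, wanted=WANTED):
    """Return the (conn, op) pairs whose requested attributes include a wanted one.

    "1.1" asks for no attributes at all (RFC 4511), so such a search cannot
    have read shadowExpire or shadowWarning; "*" asks for all user attributes.
    """
    hits = []
    for key, op in sorted(searches(log_text).items()):
        attrs = {a.lower() for a in op["attrs"]}
        if "*" in attrs or attrs & wanted:
            hits.append(key)
    return hits

if __name__ == "__main__":
    for conn, op in shadow_lookups(SAMPLE_LOG):
        print(f"conn={conn} op={op} requested shadow attributes")
```

An empty result means that no logged search explicitly requested the shadow attributes, which is the situation the log in the message shows (its only search logs `attr=1.1`).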