Hi Kris, I'm currently working on this now. In theory you shouldn't need the field passwordexpirationtime in the AD LDAP. The value stored in the pwdLastSet attribute is the time the user last reset their password (stored in MS Format which is 100's of nanoseconds since 1/1/1601 00:00:00). Given that, if all your users have the same password expiration policy (for example 90 days), you just need to ensure that the value of pwdLastSet is less than 90 days ago.
However, if like me you have multiple AD domains (with multiple password policies), and you have multiple LDAP connections this is not trivial. I'm currently working on customising the code in cas-server-support-ldap-pwd-expiration for our deployment. I'll report anything I get developed back to the list.

Thanks
Paul

On 25 Jan 2010, at 16:22, Borchers, Kristopher C. wrote:

> Has anyone out there that uses the ldap password expiration module created an overlay that will read the pwdLastSet attribute from Active Directory and use that to calculate the number of days until password expiration? I would really like to use the password expiration warning feature of this module but my AD admin will not cooperate with the creation of a passwordexpirationtime attribute for every user in AD.
>
> Thanks,
> Kris
>
> Kristopher Borchers
> Web Application Developer - Content Analyst
> Saint Xavier University
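
The calculation discussed in this thread, as an added example that is not part of the original messages and is not code from cas-server-support-ldap-pwd-expiration. The class and method names, the per-domain `maxAge` parameter, the check of the AD `userAccountControl` flag and the sample values are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.OptionalLong;

public class PwdLastSetExpiry {
    // Seconds between 1601-01-01T00:00:00Z (the epoch pwdLastSet counts from)
    // and 1970-01-01T00:00:00Z (the Unix epoch).
    static final long EPOCH_DIFF_SECONDS = 11_644_473_600L;
    // userAccountControl bit that marks "password never expires".
    static final int DONT_EXPIRE_PASSWD = 0x10000;

    /** Converts 100-nanosecond ticks since 1601-01-01 UTC to an Instant. */
    static Instant fromFileTime(long ticks) {
        long seconds = Math.floorDiv(ticks, 10_000_000L) - EPOCH_DIFF_SECONDS;
        long nanos = Math.floorMod(ticks, 10_000_000L) * 100L;
        return Instant.ofEpochSecond(seconds, nanos);
    }

    /**
     * Whole days left before the password expires, rounded down.
     * Empty when the account is flagged as never expiring; 0 when pwdLastSet
     * is 0 (AD's "must change at next logon"); negative when already expired.
     * maxAge is the policy of the domain the user was found in (assumption:
     * the caller looks it up per LDAP connection).
     */
    static OptionalLong daysUntilExpiry(String pwdLastSet, int userAccountControl,
                                        Duration maxAge, Instant now) {
        if ((userAccountControl & DONT_EXPIRE_PASSWD) != 0) {
            return OptionalLong.empty();
        }
        long ticks = Long.parseLong(pwdLastSet.trim());
        if (ticks == 0L) {
            return OptionalLong.of(0L);
        }
        Instant expires = fromFileTime(ticks).plus(maxAge);
        long secondsLeft = Duration.between(now, expires).getSeconds();
        return OptionalLong.of(Math.floorDiv(secondsLeft, 86_400L));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real directory.
        Instant now = Instant.parse("2010-01-25T16:22:00Z");
        Duration policy = Duration.ofDays(90);
        String lastSet = "129015072000000000"; // ticks for 2009-11-01T00:00:00Z
        System.out.println(fromFileTime(Long.parseLong(lastSet)));
        System.out.println(daysUntilExpiry(lastSet, 0x200, policy, now));
        System.out.println(daysUntilExpiry("0", 0x200, policy, now));
        System.out.println(daysUntilExpiry(lastSet, 0x200 | DONT_EXPIRE_PASSWD, policy, now));
    }
}
```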
