Hi Jeff,

I think a wiki update is needed to highlight that it only works with BindLdap rather than FastBind, as it's not immediately obvious.

Paul Vitty
Apache/MySQL Web Platform Engineer
Application Platform Delivery
Information Services Directorate
University of Ulster
Tel: 02890 366273
Email: [email protected]
Web: http://www.ulster.ac.uk/staff/p.vitty.html

On 15 Feb 2010, at 22:28, "Jeff Chapin" <[email protected]> wrote:

> I had actually been barking up that tree -- using BindLdap, and not
> FastBind, but had to move in different directions. I will try to
> replicate your results in the morning and see what I can come up with.
>
> Thanks for the pointers!
>
> Jeff
>
> Vitty, Paul wrote:
>> Jeff/Ahsan,
>>
>> I've been working on this issue this evening and have gotten to the
>> point where I am seeing the output you expect to see.
>>
>> I'm not sure, maybe you know this already, but the password about
>> to expire message is only shown when you request a service ticket,
>> it's not shown when only a ticket granting ticket is requested.
>>
>> Another thing I worked out is that you need to use the
>> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler for your
>> LDAP authentication handler in deployerConfigContext.xml, whereas
>> before we were using the Fast Bind class. Not sure if that helps
>> you out, but it's got me this far.
>>
>> Paul
>>
>> On 15 Feb 2010, at 22:16, Jeff Chapin wrote:
>>
>> No, I have not got this to work yet.
>>
>> I moved focus to other issues on my plate. I will look into this again
>> further tomorrow, but this appears to be the *EXACT* same experience I
>> am having -- so we appear to be on the same page, at least.
>>
>> Jeff
>>
>> Ahsan Imam wrote:
>>>>> Jeff,
>>>>>
>>>>> Did you ever get the module to work? Are you still having issues? After
>>>>> the documentation was updated on Feb 10, I changed my configuration
>>>>> setting specified for passwordWarningcheck.xml. I am getting no warning
>>>>> message and there is nothing in the logs.
>>>>> Logging is set to:
>>>>>
>>>>> log4j.logger.org.jasig.cas.services=INFO
>>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG
>>>>> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
>>>>> log4j.logger.org.jasig.cas.adaptors=DEBUG
>>>>>
>>>>> I set warnAll to true and I should see a message "Show Warning (WarnALL
>>>>> is TRUE!) -- The password for " + userID + " will expire in " +
>>>>> Math.round(DateDiff / Timer.ONE_DAY) + " days" based on the code. I do
>>>>> not see any message in the browser or the logs.
>>>>>
>>>>> I wonder if I am missing something....
>>>>>
>>>>> Sincerely,
>>>>> Ahsan
>>>>>
>>>>> On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin <[email protected]> wrote:
>>>>>
>>>>> You guys rock!
>>>>>
>>>>> Only problem I have is I am still not seeing anything new in my logs. I
>>>>> am seeing the same behavior as with the last version.
>>>>>
>>>>> Thank you so much for the assistance.
>>>>>
>>>>> Jeff
>>>>>
>>>>> Scott Battaglia wrote:
>>>>>> I think Eric made an update to the page. Not sure if that will help or not.
>>>>>>
>>>>>> On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin <[email protected]> wrote:
>>>>>>
>>>>>> I believe that log line came from this bean:
>>>>>>
>>>>>> <bean id="PasswordWarningCheckAction"
>>>>>>       class="org.jasig.cas.web.flow.PasswordWarningCheckAction">
>>>>>>     <property name="passwordWarningCheck" ref="passwordWarningCheck" />
>>>>>> </bean>
>>>>>>
>>>>>> This was documented in the link below. Am I off base? I am still
>>>>>> learning how this setup works and feeling my way around.
>>>>>>
>>>>>> Jeff
>>>>>>
>>>>>> Scott Battaglia wrote:
>>>>>>> I don't know much about it but there's no reason it shouldn't work. It
>>>>>>> doesn't look like there are any instructions to tell you to add it to the
>>>>>>> web flow though.
>>>>>>>
>>>>>>> On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin <[email protected]> wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I am using CAS 3.3.5, and I have tried to get LDAP password policy
>>>>>>> enforcement running, as per
>>>>>>> http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement .
>>>>>>>
>>>>>>> I have cranked logging as follows:
>>>>>>>
>>>>>>> log4j.logger.org.jasig.cas.services=INFO
>>>>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG
>>>>>>> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
>>>>>>> log4j.logger.org.jasig.cas.adaptors=DEBUG
>>>>>>>
>>>>>>> Other than that, the logging is identical to the Logging page on
>>>>>>> the wiki.
>>>>>>>
>>>>>>> Here are the only logs that are currently appearing:
>>>>>>>
>>>>>>> 2010-02-10 10:58:58,550 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Search Filter: 'cn=%u'>
>>>>>>> 2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Expire Date Attribute: 'pwdchangedtime'>
>>>>>>> 2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Warning Days Attribute: 'passwordwarningdays'>
>>>>>>> 2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Default Warning Days: '-1'>
>>>>>>> 2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date format: 'yyyyMMddHHmmss'z''>
>>>>>>> 2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <LDAP Search Base: 'cn=Users,dc=collab,dc=uni,dc=edu'>
>>>>>>> 2010-02-10 10:58:58,553 DEBUG [org.jasig.cas.web.flow.PasswordWarningCheckAction] - <inited with passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'>
>>>>>>>
>>>>>>> As well as a mention to the bean in the following line.
>>>>>>>
>>>>>>> 2010-02-10 10:58:58,771 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@3052ce:
>>>>>>>
>>>>>>> It appears to me that the PasswordWarningCheck is not even firing -- I
>>>>>>> would expect much more logging output than this.
>>>>>>>
>>>>>>> As an aside, I put -1 as the Warning days, as our LDAP server (Oracle
>>>>>>> OID) currently only reports the time the password was last changed, not
>>>>>>> when it expires. I have tried positive values with no difference in the
>>>>>>> results.
>>>>>>>
>>>>>>> Am I missing something, or is this code simply incompatible with the
>>>>>>> current CAS version?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Jeff
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>> This email and any attachments are confidential and intended solely
>> for the use of the addressee and may contain information which is
>> covered by legal, professional or other privilege. If you have
>> received this email in error please notify the system manager at
>> [email protected]. The University's computer systems may be monitored and
>> communications carried on them recorded to secure the effective
>> operation of the system and for other lawful purposes.
>
> --
> Jeff Chapin,
> Assistant Systems/Applications Administrator
> ITS-IS, University of Northern Iowa
> Phone: 319-273-3162 Email: [email protected]
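
The handler change Paul describes, shown as an added example that is not part of the original thread or the CAS project's own configuration: the fast-bind handler bean beside the BindLdapAuthenticationHandler bean that replaces it in deployerConfigContext.xml. The filter and search base reuse the values from Jeff's logged LdapPasswordWarningCheck settings; the `contextSource` bean name and the fast-bind DN pattern are assumptions.

```xml
<!-- Added example for deployerConfigContext.xml (CAS 3.x); not from the thread.
     Assumptions: a Spring LDAP context source bean named "contextSource" is
     defined elsewhere in the file, and the directory layout matches the
     search filter and base that appear in Jeff's log output. -->

<!-- Before: fast bind. The DN is built from the filter pattern and CAS binds
     directly as that DN, with no directory search. Per the thread, the
     password expiry warning did not appear with this handler. -->
<!--
<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
    <property name="filter" value="cn=%u,cn=Users,dc=collab,dc=uni,dc=edu" />
    <property name="contextSource" ref="contextSource" />
</bean>
-->

<!-- After: search, then bind. CAS looks the entry up under searchBase using
     the filter, then binds as the DN it found. This is the handler Paul
     reports the warning working with. -->
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
    <property name="filter" value="cn=%u" />
    <property name="searchBase" value="cn=Users,dc=collab,dc=uni,dc=edu" />
    <property name="contextSource" ref="contextSource" />
</bean>
```

When verifying the change, log in through a CAS-protected service rather than directly at the CAS login page, since Paul notes the warning is only shown when a service ticket is requested.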
