Hi Andy,

We are doing that here at Ulster, however we use MS Active Directory. It requires some modification to the code base, and you need to look for an LDAP return code (AD code: 773) on the AuthN attempt. This then throws an exception which modifies the web flow, forcing a page to be shown that informs the user they must change their password before being able to log in. If your LDAP was capable of returning a code at AuthN point to that effect, you could easily add our modifications to implement what you are looking for.

Thanks
Paul Vitty
Apache/MySQL Web Platform Engineer
Application Platform Delivery
Information Services Directorate
University of Ulster

On 17 Feb 2010, at 12:32, Andy Cowling wrote:

Hi

We want our CAS to assist us in its initial rollout by notifying users they need to change their initial password, as set by the admins.

We think we can do this using the pwd-expiration support added in CAS 3.3.2. But there's no mention in the docs that this supports the "pwdMustChange" option - implying that expired & expiring passwords.

(We plan to use the "pwdMustChange" option so that OpenLDAP can report back on every bind request that a password is valid, but needs changing as it was set by an admin)

Can anyone confirm the support here?

Cheers
Andy

--
Andy Cowling | UK Core IT
Interactive Data Managed Solutions Ltd
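
The check described in the reply above, sketched as an added example; it is not the Ulster modification or CAS code. The class, enum and method names are hypothetical, the sample diagnostic strings are constructed, and the example goes slightly beyond the thread by also recognising sub-code 532 (password expired), which the thread does not mention.

```java
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: classifies a failed AD bind by the "data" sub-code in its diagnostic message. */
public class AdBindFailure {

    /** Outcomes the login flow can branch on; none of them is a successful login. */
    public enum Outcome { MUST_CHANGE_PASSWORD, PASSWORD_EXPIRED, REJECTED }

    // AD reports the Win32 error as hex after the token "data". Anchoring on that token
    // avoids matching the same digits elsewhere in the message (for example inside the DSID).
    private static final Pattern SUB_CODE =
            Pattern.compile("\\bdata\\s+([0-9a-fA-F]{1,8})\\b");

    public static Outcome classify(String diagnosticMessage) {
        if (diagnosticMessage == null) {
            return Outcome.REJECTED;
        }
        Matcher m = SUB_CODE.matcher(diagnosticMessage);
        if (!m.find()) {
            return Outcome.REJECTED;
        }
        switch (m.group(1).toLowerCase(Locale.ROOT)) {
            case "773": return Outcome.MUST_CHANGE_PASSWORD; // the code named in the reply
            case "532": return Outcome.PASSWORD_EXPIRED;     // not in the thread; Win32 ERROR_PASSWORD_EXPIRED
            default:    return Outcome.REJECTED;             // fail closed on anything else
        }
    }

    public static void main(String[] args) {
        // Constructed sample messages; DSID and trailer values are made up.
        String[] samples = {
            // "773" appears in the DSID but the sub-code is 52e: must be REJECTED.
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090773, comment: AcceptSecurityContext error, data 52e, v1db1]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 532, v1db1]",
            "connection reset"
        };
        for (String s : samples) {
            System.out.println(classify(s) + " <- " + s);
        }
    }
}
```

A MUST_CHANGE_PASSWORD result is still a failed bind: the flow should route to the change-password page and issue no ticket until the user authenticates again with the new password.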
