In the case with OpenLDAP I do believe it is related to how the error code is retrieved from the server using the -e ppolicy general extension. I believe it's the same issue as seen here in this forum: http://forums.sun.com/thread.jspa?threadID=699511

Since CAS 3.4 now uses Spring Security 3.0, maybe it's something that org.springframework.security.ldap.ppolicy (http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/ldap/ppolicy/package-summary.html) can help with.

Thank you,
Jamie Sammons



From: Raymond D Walker <[email protected]>
To: [email protected]
Date: 08/03/2010 09:35 AM
Subject: Re: [cas-user] LDAP Password Policy module problems





Jamie,

We are using Sun Java Directory Server Enterprise Edition 6.3.1.

We did not have issues with LDAP messages in the 3.3.5 version of cas-server-support-ldap-pwd-expiration but are experiencing what I believe to be similar issues to what you describe in the 3.4.2 version.

Raymond Walker
Software Systems Engineer Sr.
ITS Northern Arizona University
[email protected]
Phone 928-523-0334

On Aug 2, 2010, at 4:50 PM, Jamie L Sammons wrote:

> Raymond,
>
> Are you using OpenLDAP?  Just curious if you had gotten that far with it as I'm not able to do so yet.
>
> Thank you,
> Jamie Sammons
>
>
> From: Raymond D Walker <[email protected]>
> To: [email protected]
> Date: 08/02/2010 06:43 PM
> Subject: Re: [cas-user] LDAP Password Policy module problems
>
>
>
>
> Eric,
>
> Yep... I see the BindLdapAuthenticationHandler throwing, and the AuthenticationViaFormAction catching it... and eventually
> hitting:
>
>     if (e.getCode().equals(ExpiredPasswordException.EXPIRED_PASSWORD_CODE)) {
>         return "showExpiredPassView";
>     }
>
> but the spring webflow never triggers correctly... so for the time being I had to modify it to explicitly do something when encountering an expired password...
>
>     <action-state id="realSubmit">
>         <evaluate expression="authenticationViaFormAction.submit(flowRequestContext, flowScope.credentials, messageContext)" />
>         <transition on="showExpiredPassView" to="PasswordExpiredCheck" />
>         <transition on="warn" to="warn" />
>         <transition on="success" to="sendTicketGrantingTicket" />
>         <transition on="error" to="viewLoginForm" />
>     </action-state>
>
> In our case, I fire off another action in the "PasswordExpiredCheck" state to do some more checking on the user to supply a customized URL for our password change webapp... and eventually get to the "showExpiredPassView" end state. I'm guessing one could as easily transition to "showExpiredPassView" instead.
>
> Something is definitely up with how the spring webflow is set up... the new version of spring is still "new to me" so pardon any mis-wording, etc.
>
>
> Raymond Walker
> Software Systems Engineer Sr.
> ITS Northern Arizona University
> [email protected]
> On Aug 2, 2010, at 7:18 AM, Eric Pierce wrote:
>
> > Are you sure you're using the BindLdapAuthenticationHandler included
> > with the ldap-pwd-expiration module?  It compares the result to a
> > regular expression that should catch 'Password expired' and throws a
> > custom exception (ExpiredPasswordException)
> >
> > -Eric
> >
> > On 8/1/10, Jamie Sammons <[email protected]> wrote:
> >> I have also tried this with CAS 3.4.2.1 and
> >> cas-server-support-ldap-pwd-expiration-3.4.2 and it appears to do the same
> >> thing.
> >>
> >> It still seems like the LDAP error messages aren't making their way up
> >> through the application for some reason.
> >> --
> >> You are currently subscribed to [email protected] as: [email protected]
> >> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
> >>
> >
> >
> > --
> > Eric Pierce
> > Identity Management Architect
> > Information Technology
> > University of South Florida
> > (813) 974-8868 -- [email protected]
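An added example, not part of the thread and not CAS or Spring Security code: a minimal decoder for the value of the LDAP password policy response control (draft-behera-ldap-password-policy), the control that the `-e ppolicy` extension mentioned at the top of the thread requests. It shows that expiry arrives as an enumerated error code inside the control rather than as text to match with a regular expression. The class name and the sample byte arrays are constructed for illustration, and only short-form BER lengths are handled.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: class name and sample bytes are constructed for illustration.
public class PpolicyResponseDecoder {
    // Response control OID from draft-behera-ldap-password-policy.
    static final String OID = "1.3.6.1.4.1.42.2.27.8.5.1";
    // Values of the "error" ENUMERATED in draft order (0 = passwordExpired).
    static final String[] ERRORS = {"passwordExpired", "accountLocked",
        "changeAfterReset", "passwordModNotAllowed", "mustSupplyOldPassword",
        "insufficientPasswordQuality", "passwordTooShort", "passwordTooYoung",
        "passwordInHistory"};

    static long readInt(byte[] v, int off, int len) {
        long n = 0;
        for (int k = 0; k < len; k++) n = (n << 8) | (v[off + k] & 0xFF);
        return n;
    }
    // Decodes SEQUENCE { warning [0] CHOICE OPTIONAL, error [1] ENUMERATED OPTIONAL }.
    static String decode(byte[] v) {
        if (v.length < 2 || v[0] != 0x30 || v[1] != v.length - 2)
            throw new IllegalArgumentException("expected short-form BER SEQUENCE");
        List<String> out = new ArrayList<>();
        for (int i = 2; i < v.length; ) {
            if (i + 2 > v.length || i + 2 + (v[i + 1] & 0xFF) > v.length)
                throw new IllegalArgumentException("truncated element at offset " + i);
            int tag = v[i] & 0xFF, len = v[i + 1] & 0xFF;
            // warning wraps one inner element tagged 0x80 or 0x81 (hence the 0xFE mask)
            if (tag == 0xA0 && len >= 3 && (v[i + 3] & 0xFF) == len - 2
                    && (v[i + 2] & 0xFE) == 0x80) {
                String name = (v[i + 2] & 0xFF) == 0x80
                    ? "timeBeforeExpiration" : "graceAuthNsRemaining";
                out.add(name + "=" + readInt(v, i + 4, len - 2));
            } else if (tag == 0x81 && len >= 1) {
                int code = (int) readInt(v, i + 2, len);
                boolean known = code >= 0 && code < ERRORS.length;
                out.add("error=" + (known ? ERRORS[code] : "unknown:" + code));
            } else {
                throw new IllegalArgumentException("unexpected element at offset " + i);
            }
            i += 2 + len;
        }
        return String.join(",", out);
    }
    public static void main(String[] args) {
        byte[] expired = {0x30, 0x03, (byte) 0x81, 0x01, 0x00};  // constructed sample
        byte[] expiring = {0x30, 0x06, (byte) 0xA0, 0x04, (byte) 0x80, 0x02, 0x02, 0x58};
        System.out.println(OID + " " + decode(expired));
        System.out.println(OID + " " + decode(expiring));
    }
}
```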