Eric Pierce wrote:
> CAS doesn't use the LDAP authentication module from Spring security, it
> uses the Spring LDAP package
> (http://static.springsource.org/spring-ldap/docs/1.3.x/apidocs/) which
> doesn't support the password policy additions to LDAP - that's why I had
> to just look at the error code from the LDAP login. The detailed error
> message is not getting passed up to the CAS server, but I'm not sure why
> it would work for Sun DS and Active Directory and not OpenLdap.
What does "error code" mean in your implementation? The LDAPResult message contains resultCode and diagnosticMessage (called errorMessage in obsolete RFC 2251).

You should not try to determine anything meaningful from diagnosticMessage since this highly depends on vendor and version of the LDAP server. It's solely meant for informational purposes (message in log file or displayed to user).

For a deterministic ppolicy behaviour you SHOULD use the appropriate LDAPv3 extended controls.

Ciao, Michael.

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
