> Is there any interest in implementing the functionality of this
module into the main sources?
Yes. Very much so. For some reasonable meaning of "into the main
sources".
I could see it as a an extension as productized and easy to implement as
ClearPass. I could also see it as a core CAS module alongside the other
core included CAS modules, perhaps even with these password policy
checks in the CAS login web flow by default but doing nothing in the
case where no implementation of the password policy API is available,
assuming buy-in of CAS committers on the value of the feature versus its
complexity cost. I'll start a thread on cas-dev on this topic.
Your changes all sound welcome improvements. Can you share the source?
I'd love to merge your improvements in as the basis of a more
productized update to this module, whether the next answer here is
polishing an extension module ala ClearPass or inlining the
functionality into CAS.
Thanks,
Andrew
On 01/25/2011 05:02 AM, Felix Schumacher wrote:
Hi,
we have use ldap-pwd-expiration module as a starting point to
implement warnings and a short webflow to change passwords if the user
has a password, which is short of expiring.
There were a few things, which we did differently than shown in the wiki.
1. We started with placing the module inside the checked out svn
sources and edited the pom.xml directly to include it.
While that seemed to work - it created a jar file with the classes
inside - the war file of our overlay build hat a few problems.
a) The needed "principal" could not be found by the webflow, since
b) ldap-pwd-expiration changed a few central classes while
remaining the old classnames.
Those two things were a result of ordering of the jar-files in
WEB-INF/lib/. Tomcat will use the first class for a given name, that
it finds in the classloader. (We could have solved it by renaming
ldap-pwd-expiration jar to start with aa- or something like that. But
that seems a bit flakey.
2. We changed the webflow of ldap-pwd-expiration as suggested by
another thread on this list, to leave out the "viewScope" out of the
new end-states.
3. We changed the code, which parses the ldap exception messages, so
it can be configured by spring. We don't use ads and our ldap server
has different error messages.
4. As a result we copied all files from the ldap-pwd-expiration module
into our overlay directory and changed the names of the classes, to
avoid classloader problems.
5. (There is a minor bug in the original source. It will overwrite the
instance variable validDays with user specific values)
Is there any interest in implementing the functionality of this module
into the main sources?
Any thoughts?
Felix
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
