Hi Everybody,

I am happily using CAS Server 3.4.6 in a production environment with BindLdapAuthenticationHandler using OpenLDAP.

On OpenLDAP I have the ppolicy (Password Policy) overlay active, to do some stuff like account locking after too many failed auth attempts. Another thing I want to have is a password expiration warning, which would be most meaningful when the user authenticates with CAS.

I found [1] and [2], where [2] seems more interesting, because it seems to be on the way to becoming an "official" CAS extension module and I assumed it is more recent/active than [1]. The attempt is nice enough, although it doesn't fit in completely with OpenLDAP ppolicy, but of course I understand that would be too much OpenLDAP ppolicy specific code - anyways I can completely live with that.

For cas-server-support-ldap-pwd-expiration there is no source code in trunk [3], only 2 tags for 3.4.2 and 3.3.5. Is there active development happening for the cas-server-support-ldap-pwd-expiration extension?

I set up CAS 3.4.2 and cas-server-support-ldap-pwd-expiration-3.4.2 in a test environment and got the issue already discussed here.

log4j to debug ...
<snip>
[org.jasig.cas.web.flow.PasswordWarningCheckAction] - checking account status--
[org.jasig.cas.web.flow.PasswordWarningCheckAction] - Not a login attempt, skipping PasswordWarnCheck
</snip>

Without further debugging it seems to me the only way of getting this debug trace is when, in PasswordWarningCheckAction.java in function doExecute, the principal object is null.

Any suggestions? Could there be something really wrong in my configuration, to let this error happen?

I will try to find the problem and fix it - I want the password expiration thing in CAS working and I can spend some coding time on that. I just also wanted to know if anyone has fixed it already and if there is active development going on. Is anyone successfully using the cas-server-support-ldap-pwd-expiration extension ... any version?

Another thing I mentioned (but perhaps this is intentional): the adopted config files (spring framework and CAS) are not copied over to the resulting war when building cas-server-webapp, but of course this can (and should) be done manually.

Hope someone can give me a starting point.

Regards,
Andreas.

[1] https://wiki.jasig.org/display/CAS/Expired+Password+Integration
[2] https://wiki.jasig.org/display/CASUM/LDAP+Password+Policy+Enforcement
[3] https://source.jasig.org/sandbox/cas-password-policy/
