Hello,

I'm testing the new implementation of LPPE provided with CAS 3.5.0. I've followed the LPPE Wiki page but I ran into a few issues:

- 2 messages are missing from all messages_xx.properties: screen.accountlocked.heading & screen.accountlocked.message, referenced in /WEB-INF/view/jsp/default/ui/casAccountLockedView.jsp (should I open a JIRA for that?)
- I always get "WARN [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - No entry was found for user testpm. Verify your LPPE settings. If you are not using LPPE, set the 'enabled' property to false. Password policy enforcement is currently turned on but not configured."
Although the very same query is done by the authentication handler successfully??

From lppe-configuration.xml:

<bean id="ldapPasswordPolicyEnforcer" class="org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer">
    <property name="searchBase" value="${ldap.baseDn}" />
    <property name="contextSource" ref="searchContextSource" />
    <property name="filter" value="${ldap.filter}" />
    <property name="ignorePartialResultException" value="yes" />
    <property name="warnAll" value="${ldap.authentication.lppe.warnAll}" />
    <property name="dateFormat" value="${ldap.authentication.lppe.dateFormat}" />
    <property name="dateAttribute" value="${ldap.authentication.lppe.dateAttribute}" />
    <!-- <property name="warningDaysAttribute" value="${ldap.authentication.lppe.warningDaysAttribute}" />
    <property name="validDaysAttribute" value="${ldap.authentication.lppe.validDaysAttribute}" /> -->
    <property name="warningDays" value="${ldap.authentication.lppe.warningDays}" />
    <property name="validDays" value="${ldap.authentication.lppe.validDays}" />
    <property name="noWarnAttribute" value="${ldap.authentication.lppe.noWarnAttribute}" />
    <property name="noWarnValues" value="${ldap.authentication.lppe.noWarnValues}" />
</bean>

<bean id="lppeEnabledLdapAuthenticationHandler"
    class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
    p:filter="${ldap.filter}"
    p:searchBase="${ldap.baseDn}"
    p:contextSource-ref="authContextSource"
    p:searchContextSource-ref="searchContextSource"
    p:ignorePartialResultException="yes">

My old LDAP authentication handler was:

<bean id="ldapHandler"
    class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
    p:searchContextSource-ref="searchContextSource"
    p:contextSource-ref="authContextSource"
    p:filter="${ldap.filter}"
    p:searchBase="${ldap.baseDn}"
    p:ignorePartialResultException="yes" />

The only attribute I can rely upon is pwdLastSet, as with Active Directory, in the user record, there is no attribute like warningDaysAttribute or validDaysAttribute.

The target installation will be:
- 2xCAS servers on Tomcat 7.0 with HA & EhCache Ticket Registries
- Active Directory 2008R2 as authentication source (Kerberos + LDAP) and attributes source
- Actual "temporary" authentication schemes:
  - internal clients: X509 / SPNEGO / Login/Password
  - external clients: X509 / Login/Password

Can anyone help me to solve this issue ?
Thanks.
--
Philippe MARASSE
Service Informatique - Centre Hospitalier Henri Laborit
BP 587 - 370 avenue Jacques Coeur
86021 Poitiers Cedex
Tel : 05.49.44.57.19
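
An added example, not part of the original message and not CAS code: how an Active Directory pwdLastSet value (100-nanosecond intervals since 1601-01-01 UTC) can be turned into an expiry decision from fixed validDays/warningDays settings. The function names, the sample value and the 90/30-day settings are constructed for illustration, and the warn/expire rule is an assumption rather than LPPE's exact logic.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME epoch: 1601-01-01 00:00:00 UTC, counted in 100 ns ticks.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def pwd_last_set_to_datetime(raw):
    """Convert an AD pwdLastSet string to an aware UTC datetime.

    Returns None for 0, which AD uses for "must change password at next logon".
    """
    ticks = int(raw)
    if ticks < 0:
        raise ValueError("pwdLastSet must be non-negative: %r" % (raw,))
    if ticks == 0:
        return None
    # 10 ticks per microsecond; sub-microsecond precision is dropped.
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def password_status(raw, valid_days, warning_days, now):
    """Return (state, whole_days_left) for one account.

    state is 'must_change', 'expired', 'warn' or 'ok' (assumed rule:
    warn once the remaining time is within warning_days).
    """
    last_set = pwd_last_set_to_datetime(raw)
    if last_set is None:
        return "must_change", None
    expires = last_set + timedelta(days=valid_days)
    remaining = expires - now
    if remaining <= timedelta(0):
        return "expired", 0
    if remaining <= timedelta(days=warning_days):
        return "warn", remaining.days
    return "ok", remaining.days


if __name__ == "__main__":
    # Constructed sample: pwdLastSet for 2012-06-01 00:00:00 UTC.
    sample = "129829824000000000"
    for day in ("2012-06-11", "2012-08-10", "2012-09-01"):
        now = datetime.strptime(day, "%Y-%m-%d").replace(tzinfo=timezone.utc)
        print(day, password_status(sample, 90, 30, now))
```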
