- 2 messages are missing from all messages_xx.properties :
screen.accountlocked.heading & screen.accountlocked.message

Please see https://issues.jasig.org/browse/CAS-1126 

- I always get "WARN"
[org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer]

I do agree that the error message you receive is confusing and in fact
incorrect. (There is no 'enabled' property). The issue you describe though
has to do with the fact that the userid cannot be located in the ldap
instance. My initial suspicion is that your context source may be different
for the LPPE bean than what it is for the authN bean.

> record, there is no attribute like warningDaysAttribute nor
> validDaysAttribute.

The configuration allows you to set defaults, in case no attributes are
available. See "warningDays" and "validDays".

A sample configuration of LPPE:
https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/unused-spring-configuration/lppe-configuration.xml

Planned LPPE improvements:
https://issues.jasig.org/browse/CAS-1121 

Regards, 

-Misagh


> -----Original Message-----
> From: Philippe MARASSE [mailto:[email protected]]
> Sent: Tuesday, August 21, 2012 8:47 AM
> To: [email protected]
> Subject: [cas-user] Some issues with CAS LPPE
> 
> Hello,
> 
> I'm testing the new implementation of LPPE provided with CAS 3.5.0. I've
> followed LPPE Wiki page but I ran into a few issues :
>    - 2 messages are missing from all messages_xx.properties :
> screen.accountlocked.heading & screen.accountlocked.message referenced in
> /WEB-INF/view/jsp/default/ui/casAccountLockedView.jsp (should I open a
> JIRA for that ?)
> 
>    - I always get "WARN
> [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - No
> entry was found for user testpm. Verify your LPPE settings. If you are
> not using LPPE, set the 'enabled' property to false. Password policy
> enforcement is currently turned on but not configured."
> 
> Although the very same query is done by authentication handler
> successfully ??
> 
> from lppe-configuration.xml :
>      <bean id="ldapPasswordPolicyEnforcer"
>            class="org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer">
>        <property name="searchBase" value="${ldap.baseDn}" />
>        <property name="contextSource" ref="searchContextSource" />
>        <property name="filter" value="${ldap.filter}" />
>        <property name="ignorePartialResultException" value="yes" />
>        <property name="warnAll" value="${ldap.authentication.lppe.warnAll}" />
>        <property name="dateFormat" value="${ldap.authentication.lppe.dateFormat}" />
>        <property name="dateAttribute" value="${ldap.authentication.lppe.dateAttribute}" />
> <!--       <property name="warningDaysAttribute" value="${ldap.authentication.lppe.warningDaysAttribute}" />
>        <property name="validDaysAttribute" value="${ldap.authentication.lppe.validDaysAttribute}" />  -->
>        <property name="warningDays" value="${ldap.authentication.lppe.warningDays}" />
>        <property name="validDays" value="${ldap.authentication.lppe.validDays}" />
>        <property name="noWarnAttribute" value="${ldap.authentication.lppe.noWarnAttribute}" />
>        <property name="noWarnValues" value="${ldap.authentication.lppe.noWarnValues}" />
>      </bean>
> 
> <bean id="lppeEnabledLdapAuthenticationHandler"
> class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>         p:filter="${ldap.filter}"
>         p:searchBase="${ldap.baseDn}"
>         p:contextSource-ref="authContextSource"
>         p:searchContextSource-ref="searchContextSource"
>         p:ignorePartialResultException="yes">
> 
> my old ldap authentication handler was :
> <bean id="ldapHandler"
> class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>                      p:searchContextSource-ref="searchContextSource"
>                      p:contextSource-ref="authContextSource"
>                      p:filter="${ldap.filter}"
>                      p:searchBase="${ldap.baseDn}"
>                      p:ignorePartialResultException="yes" />
> 
> The only attribute I can rely upon is pwdLastSet, as with active
> directory, in the user record, there is no attribute like
> warningDaysAttribute nor validDaysAttribute.
> 
> The target installation will be :
>   - 2xCAS servers on Tomcat 7.0 with HA & EhCache Ticket Registries
>   - Active Directory 2008R2 as authentication source (kerberos + ldap)
>     and attributes source
>   - Actual "temporary" authentication schemes :
>       - internal clients : X509 / SPNEGO / Login/Password
>       - external clients : X509 / Login/Password
> 
> Can anyone help me to solve this issue ?
> Thanks.
> 
> --
> Philippe MARASSE
> 
> Service Informatique - Centre Hospitalier Henri Laborit
> BP 587 - 370 avenue Jacques Coeur
> 86021 Poitiers Cedex
> Tel : 05.49.44.57.19
> 
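
An added example, not part of the original thread and not CAS code: how an expiry warning can be derived when pwdLastSet is the only usable attribute and validDays/warningDays come from configured defaults, as the reply suggests. The function names, status strings and sample values are assumptions for illustration; pwdLastSet is treated as a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC).

```python
from datetime import datetime, timedelta, timezone

# Active Directory stores pwdLastSet as a FILETIME: 100-ns ticks since this epoch.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks):
    """Convert a pwdLastSet value (string or int) to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=int(ticks) // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build constructed sample values."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def password_status(pwd_last_set, valid_days, warning_days, now):
    """Return (status, days_left) using fixed defaults instead of per-user attributes.

    status is one of the hypothetical labels:
      "must_change": pwdLastSet is 0 (AD forces a change at next logon)
      "expired":     pwdLastSet + valid_days is in the past
      "warn":        expiry falls within the next warning_days
      "ok":          none of the above
    """
    ticks = int(pwd_last_set)
    if ticks == 0:
        return ("must_change", None)
    expires = filetime_to_datetime(ticks) + timedelta(days=valid_days)
    remaining = expires - now
    if remaining <= timedelta(0):
        return ("expired", 0)
    if remaining <= timedelta(days=warning_days):
        return ("warn", remaining.days)
    return ("ok", remaining.days)


if __name__ == "__main__":
    # Constructed sample: password last changed 2012-06-01, evaluated on 2012-08-21
    # with assumed defaults validDays=90 and warningDays=30.
    now = datetime(2012, 8, 21, tzinfo=timezone.utc)
    sample = str(datetime_to_filetime(datetime(2012, 6, 1, tzinfo=timezone.utc)))
    print(sample, password_status(sample, 90, 30, now))
```
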

