Hello,

I was about to put my LPPE-enabled CAS 3.5 into production when I tested a login with an account which has "Password never expires": access is refused! From my server log:
2012-08-24 15:07:57,903 ERROR [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Authentication failed because account password has expired with -831 to expiration date. Verify the value of the pwdlastset attribute and make sure it's not before the current date, which is 2012-08-24T13:07:57.890Z :Authentication failed because account password has expired with -831 to expiration date. Verify the value of the pwdlastset attribute and make sure it's not before the current date, which is 2012-08-24T13:07:57.890Z
Of course the computed date is before today... because the "password does not expire" flag is set for this account.

I've found a noWarnAttribute property for LdapPasswordPolicyEnforcer, but it does not fit well with the userAccountControl AD attribute (bitmask, the 16th bit means "password does not expire"). If I used it as noWarnAttribute, I would have to provide all possible values, which is nearly impossible.

How can I handle this case?

Thanks. Regards.

--
Philippe MARASSE
Service Informatique - Centre Hospitalier Henri Laborit
BP 587 - 370 avenue Jacques Coeur
86021 Poitiers Cedex
Tel : 05.49.44.57.19
