I am assuming that the attributes that are based on days, for instance, are calculated and added to a different attribute such as "passwordLastChanged" and the like, etc? If that is so, you could specify that attribute as the password expiration date and specify the name of the attribute for the "validDays" property which will be added to the date retrieved to calculate the final expiration date, etc.
-Misagh

From: Lazar, Michael E [mailto:[email protected]]
Sent: Monday, October 22, 2012 1:55 PM
To: [email protected]
Subject: [cas-user] CAS 3.5.1, LDAP, LPPE, and datetime values

Hello!

We are working with LPPE on a CAS 3.5.1 war overlay. CAS is connected to our LDAP instance, which is a Sun directory with values that started with an OpenLDAP installation. I have a CAS instance running locally, connected to Eclipse to pursue debugging.

We use attributes shadowWarning, shadowMax, and shadowLastChange, which are fields that are in days from epoch. We also store a value that is in seconds from the epoch. When I entered these values into the cas.properties, the system authenticated me and then went straight to the error flow, so I started digging.

It seems that I am having trouble convincing the LdapPasswordPolicyEnforcer code to accept our values as seconds or days from the epoch. The setting ldap.authentication.lppe.dateAttribute seems to be expecting a value that is either an AD representation of the last password change dttm or something in an actual datetime format. Epoch days or seconds are neither.

Is there anyone out there with information about using DateTimeFormat.forPattern() method with a string for days or seconds since epoch, or should I be requesting (or writing) a new method or two to handle days or seconds from epoch?

Let me know, here is the mentioned code, from LdapPasswordPolicyEnforcer.java, lines 374 to 396.

Happy to help, and thanks in advance!

-Michael.
    private DateTime convertDateToActiveDirectoryFormat(final String pswValue) {
        final long l = Long.parseLong(pswValue.trim());

        final long totalSecondsSince1601 = l / 10000000;
        final long totalSecondsSince1970 = totalSecondsSince1601 - TOTAL_SECONDS_FROM_1601_1970;

        final DateTime dt = new DateTime(totalSecondsSince1970 * 1000, DEFAULT_TIME_ZONE);

        logInfo("Recalculated " + this.dateFormat + " " + this.dateAttribute + " attribute to " + dt.toString());

        return dt;
    }

    /**
     * Parses and formats the retrieved date value from Ldap
     * @param ldapResult
     * @return newly constructed date object whose value was passed
     */
    private DateTime formatDateByPattern(final String ldapResult) {
        final DateTimeFormatter fmt = DateTimeFormat.forPattern(this.dateFormat);

        final DateTime date = new DateTime(DateTime.parse(ldapResult, fmt), DEFAULT_TIME_ZONE);
        return date;
    }

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
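The conversion asked about in this thread (shadowLastChange in days since the epoch, or a seconds-since-epoch value, plus shadowMax and shadowWarning) can be sketched as follows. This is an added example, not code from CAS or from either poster; it uses java.time instead of the Joda-Time types in the quoted CAS code, the class and method names are hypothetical, and the sample attribute values are constructed.

```java
import java.time.Duration;
import java.time.Instant;

public class ShadowExpiry {            // hypothetical helper, not a CAS class
    enum Status { VALID, WARN, EXPIRED }

    // shadowLastChange style value: whole days since 1970-01-01 UTC.
    static Instant fromEpochDays(final String value) {
        return Instant.EPOCH.plus(Duration.ofDays(Long.parseLong(value.trim())));
    }

    // Alternative attribute holding seconds since 1970-01-01 UTC.
    static Instant fromEpochSeconds(final String value) {
        return Instant.ofEpochSecond(Long.parseLong(value.trim()));
    }

    // Expiration date = last change + shadowMax days (the "validDays" idea).
    static Instant expiresAt(final Instant lastChange, final String shadowMax) {
        return lastChange.plus(Duration.ofDays(Long.parseLong(shadowMax.trim())));
    }

    // Classify "now" against the expiration date and the warning window.
    static Status evaluate(final Instant now, final Instant expires,
                           final String shadowWarning) {
        if (!now.isBefore(expires)) {
            return Status.EXPIRED;
        }
        final Instant warnFrom =
            expires.minus(Duration.ofDays(Long.parseLong(shadowWarning.trim())));
        return now.isBefore(warnFrom) ? Status.VALID : Status.WARN;
    }

    public static void main(final String[] args) {
        // Constructed sample values, as they would arrive as LDAP strings.
        final String shadowLastChange = "15600";    // days since epoch
        final String lastChangeSecs = "1347840000"; // same day, in seconds
        final String shadowMax = "90";
        final String shadowWarning = "14";

        final Instant changed = fromEpochDays(shadowLastChange);
        final Instant expires = expiresAt(changed, shadowMax);
        final Instant now = Instant.parse("2012-12-10T00:00:00Z"); // fixed clock

        System.out.println("changed (days):    " + changed);
        System.out.println("changed (seconds): " + fromEpochSeconds(lastChangeSecs));
        System.out.println("expires:           " + expires);
        System.out.println("status:            " + evaluate(now, expires, shadowWarning));
    }
}
```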
