Yes, of course. It is a search result returned by ldapsearch for user which has passwordexpirationdate=19700101000000Z . It's mean that user can not log in until password change. The important thing is that this setting is not enforcement by LDAP policy. It's as you call it: response control. Ldaptive sounds very interesting here - I see the opportunity to benefit from the advantages of this project especially in similar cases.
Marvin, thank you very much for your reply. /l ----- Oryginalna wiadomość ----- Od: "Marvin Addison" <[email protected]> Do: [email protected] Wysłane: czwartek, 10 styczeń 2013 18:14:24 Temat: Re: [cas-user] catch result: 2.16.840.1.113730.3.4.4 from RHDS > The problem with catching 2.16.840.1.113730.3.4.4 is that, this is not error > code at all, but a result of search after binding - I can't use here LDAP > policy enforcement at LDAP server stage. Can you confirm exactly what it is? It appears to be a response control OID, but I'm not familiar with RHDS at all. I can say that if it is, in fact, a response control, then it's not looking good. I'm not aware of any facility whatever in Spring LDAP for accessing response controls. It's worth noting that the ldaptive library has a facility for obtaining response controls; I have proposed migrating to ldaptive for CAS LDAP integration, and this may be a relevant use case. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
