Looks like the expiration date is java's epoch. You could, as a possible solution, modify your local ldap policy enforcer component to check for epoch and rethrow back the exception with the correct type.
Support for epoch and such is planned in the next version of LPPE: https://wiki.jasig.org/pages/viewpage.action?pageId=55543468#CAS4:LDAPPasswordPolicyEnforcement(LPPE)-SupportforCustomDateFormatters -Misagh > -----Original Message----- > From: Leszek Miś [mailto:[email protected]] > Sent: Friday, January 11, 2013 2:44 AM > To: [email protected] > Subject: Re: [cas-user] catch result: 2.16.840.1.113730.3.4.4 from RHDS > > Yes, of course. > It is a search result returned by ldapsearch for user which has > passwordexpirationdate=19700101000000Z . It's mean that user can not > log in until password change. The important thing is that this setting > is not enforcement by LDAP policy. It's as you call it: response > control. > Ldaptive sounds very interesting here - I see the opportunity to > benefit from the advantages of this project especially in similar > cases. > > Marvin, thank you very much for your reply. > > /l > > ----- Oryginalna wiadomość ----- > Od: "Marvin Addison" <[email protected]> > Do: [email protected] > Wysłane: czwartek, 10 styczeń 2013 18:14:24 > Temat: Re: [cas-user] catch result: 2.16.840.1.113730.3.4.4 from RHDS > > > The problem with catching 2.16.840.1.113730.3.4.4 is that, this is > not error code at all, but a result of search after binding - I can't > use here LDAP policy enforcement at LDAP server stage. > > Can you confirm exactly what it is? It appears to be a response control > OID, but I'm not familiar with RHDS at all. I can say that if it is, in > fact, a response control, then it's not looking good. I'm not aware of > any facility whatever in Spring LDAP for accessing response controls. > It's worth noting that the ldaptive library has a facility for > obtaining response controls; I have proposed migrating to ldaptive for > CAS LDAP integration, and this may be a relevant use case. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, > see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
