Hello all,

We are currently in our testing phase with CAS, and in our testing we are noticing some unusual behavior (at least in our minds). We have values for password expiration set as shadowMax and shadowLastChange. There are situations where a user on our campus will not have their password expired. Because of this reason we have set the parameter ldap.authentication.lppe.validDays=999999 days.

The first time we tried logging in a user who has shadowLastChange and shadowMax missing, I got an LdapPasswordPolicyEnforcementException, since this value came to the Java class as null. I made a change to the class, setting the password last change date to 0.

So when I start CAS, and log in with this user (the one without shadowLastChange or shadowMax), I see the values in the log that I entered in the configuration file. When we log in as myself, a user who *has* these fields, I see in the logs that CAS is picking these values up. So far so good. Now I log in again as the user without those fields, and the values that were found under my account are now being applied to this account instead.

Has anyone out there experienced this or is this expected behavior for CAS? This logic isn't quite working out as we had hoped. The behavior I would expect is that LPPE would check each user and go with the default value if that particular user does not have a value assigned. I thought I would send a note out to the community as I start to hit the debugger wondering "why's it doing that?"

Hope this makes sense. Thanks all!

-Michael.
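The login sequence described in the message (a user without the attributes, then a user with them, then the first user again) can be reproduced in isolation. The following is an added example, not CAS code and not the poster's patch: it contrasts a resolver that keeps per-user values in fields of a shared instance with one that resolves them per login and falls back to the default. Class and method names are hypothetical, the attribute values are constructed, and whether the CAS LPPE class behaves like the first resolver is an assumption the page does not confirm.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration, not CAS source. All class and method names are hypothetical.
public class ShadowExpiryDemo {
    // Default from the post: ldap.authentication.lppe.validDays=999999
    static final long DEFAULT_VALID_DAYS = 999999L;

    // Reproduces the symptom: values read for one user stay in fields of a shared instance.
    static class StatefulResolver {
        private long lastChange = 0L;
        private long validDays = DEFAULT_VALID_DAYS;

        long expiryDay(Map<String, String> attrs) {
            if (attrs.containsKey("shadowLastChange")) lastChange = Long.parseLong(attrs.get("shadowLastChange"));
            if (attrs.containsKey("shadowMax")) validDays = Long.parseLong(attrs.get("shadowMax"));
            return lastChange + validDays; // fields are never reset between logins
        }
    }

    // Expected behaviour: every value is local to the login, defaults apply per user.
    static class PerLoginResolver {
        long expiryDay(Map<String, String> attrs) {
            long lastChange = parseOr(attrs.get("shadowLastChange"), 0L);
            long validDays = parseOr(attrs.get("shadowMax"), DEFAULT_VALID_DAYS);
            return lastChange + validDays; // day number since the epoch, as in shadow(5)
        }

        private static long parseOr(String raw, long fallback) {
            if (raw == null || raw.trim().isEmpty()) return fallback;
            try { return Long.parseLong(raw.trim()); }
            catch (NumberFormatException e) { return fallback; }
        }
    }

    public static void main(String[] args) {
        Map<String, String> withoutAttrs = new HashMap<>(); // constructed: no shadow* attributes
        Map<String, String> withAttrs = new HashMap<>();    // constructed sample values
        withAttrs.put("shadowLastChange", "15000");
        withAttrs.put("shadowMax", "90");

        StatefulResolver shared = new StatefulResolver();
        PerLoginResolver perLogin = new PerLoginResolver();
        Map<String, Map<String, String>> logins = new java.util.LinkedHashMap<>();
        logins.put("1: user without attrs", withoutAttrs);
        logins.put("2: user with attrs", withAttrs);
        logins.put("3: user without attrs again", withoutAttrs);
        logins.forEach((label, attrs) -> System.out.printf("%-30s shared=%d perLogin=%d%n",
                label, shared.expiryDay(attrs), perLogin.expiryDay(attrs)));
    }
}
```

On the third login the two columns diverge: the shared resolver reports the expiry day computed from the second user's attributes, while the per-login resolver returns to the configured default.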
