Hi George,

Sorry about the much belated response.

As far as UAC goes, my understanding with AD in CAS-pm is that it reflects the status of a single account. This isn't something you actually can assign a value to, but through the AD management console you can configure and set up a number of options for the account based on which the AD server would calculate the right combination of flags for the account and assign it to the UAC attribute. In the CAS-pm configuration, you shouldn't have to provide an explicit value, but simply indicate the attribute's name and the module will attempt to find and interpret its value for password-related services.

Now admittedly, I am not yet 100% up to date on the CAS-pm functionality just yet but at some point I intend to circle back and review the codebase a bit more to clarify some of the settings and configurations, or perhaps even provide a small CAS overlay that has everything wired up. If you have made progress and would like to share, I'd be more than glad to assist with documentation and/or reviews of your changes such that they could find their way into the original codebase on GitHub.

Regards,
-Misagh

P.S. I know the module is in use by several other CAS adopters so perhaps we could all benefit from sharing a sample configuration.

From: George Beitis [mailto:[email protected]]
Sent: Thursday, February 21, 2013 2:13 AM
To: [email protected]
Subject: RE: [cas-user] cas-password-manager question

Hi Misagh,

Quick question: is this attribute meant to reflect the current state of all accounts? What the system can do with the account? Or what this attribute will be set to once changes have been applied to this account? i.e. if I want the password to never expire to set the value to 0x00010000? Or if I want nothing to happen to set it to 0x00000000?

George

From: Misagh Moayyed [mailto:[email protected]]
Sent: Wednesday, February 20, 2013 7:38 PM
To: [email protected]
Subject: RE: [cas-user] cas-password-manager question

> Should I be placing values for these by defining the pm.ldap.server.{} attributes inside the cas.properties file?

Yes.

> Also, any clue as to what value is expected for uacAttribute?

This should be the user account control attribute name in AD. See this please:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680832(v=vs.85).aspx

-Misagh

From: George Beitis [mailto:[email protected]]
Sent: Wednesday, February 20, 2013 1:12 AM
To: [email protected]
Subject: [cas-user] cas-password-manager question

Dear all,

Having some trouble configuring the Unicon cas-password-manager extension with an Active Directory server.
Specifically spring-configuration/passwordManagerContext contains the following attributes which are not configured anywhere. Should I be placing values for these by defining the pm.ldap.server.{} attributes inside the cas.properties file? Also, any clue as to what value is expected for uacAttribute?

    <property name="passwordWarnAgeDays" value="${pm.ldap.server.ad.password.warn.days}"/>
    <property name="maxPwdAgeAttribute" value="${pm.ldap.server.ad.attr.max-pwd-age}"/>
    <property name="uacAttribute" value="${pm.ldap.server.ad.attr.uac}"/>
    <property name="pwdLastSetAttribute" value="${pm.ldap.server.ad.attr.pwd-last-set}"/>
    <property name="timeBetweenMaxPwdAgeRefreshSeconds" value="${pm.ldap.server.ad.cache.value.max-pwd-age}"/>

George

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
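
Added illustration, not part of the thread and not code from cas-password-manager: a Python sketch of how a client reads userAccountControl as a set of bit flags and combines it with pwdLastSet and the domain's maxPwdAge to decide on a password warning, which is why the configuration names the attribute instead of assigning it a value. The function names, the returned status strings and the sample values are assumptions made for this example; the flag values are those of the userAccountControl attribute in AD.

```python
from datetime import datetime, timedelta, timezone

# Subset of the bit flags AD stores in userAccountControl (read-only input here).
UAC_FLAGS = {
    0x00000002: "ACCOUNTDISABLE",
    0x00000010: "LOCKOUT",
    0x00000200: "NORMAL_ACCOUNT",
    0x00010000: "DONT_EXPIRE_PASSWORD",
    0x00800000: "PASSWORD_EXPIRED",
}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NO_MAX_AGE = (0, -2**63)  # maxPwdAge values treated here as "no maximum age"

def decode_uac(uac):
    """Names of the flags set in a userAccountControl value, lowest bit first."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if uac & bit]

def ticks_to_delta(ticks):
    """AD stores times and intervals as counts of 100-nanosecond ticks."""
    return timedelta(microseconds=abs(ticks) // 10)

def password_status(uac, pwd_last_set, max_pwd_age, warn_days, now):
    """Hypothetical expiry check over the attributes named in the thread.
    uac: userAccountControl, pwd_last_set: pwdLastSet (ticks since 1601 UTC),
    max_pwd_age: domain maxPwdAge (negative ticks), warn_days: warning window."""
    flags = decode_uac(uac)
    if "ACCOUNTDISABLE" in flags:
        return "disabled"
    if "DONT_EXPIRE_PASSWORD" in flags:
        return "never-expires"
    if pwd_last_set == 0:  # "user must change password at next logon"
        return "must-change"
    if max_pwd_age in NO_MAX_AGE:
        return "never-expires"
    expires = FILETIME_EPOCH + ticks_to_delta(pwd_last_set) + ticks_to_delta(max_pwd_age)
    if now >= expires:
        return "expired"
    return "warn" if expires - now <= timedelta(days=warn_days) else "ok"

if __name__ == "__main__":
    # Constructed sample: password set 40 days before 2013-02-21, 42-day policy.
    now = datetime(2013, 2, 21, tzinfo=timezone.utc)
    last_set = ((now - timedelta(days=40)) - FILETIME_EPOCH) // timedelta(microseconds=1) * 10
    max_age = -42 * 86400 * 10**7
    for uac in (0x200, 0x10200, 0x202):
        print(hex(uac), decode_uac(uac), password_status(uac, last_set, max_age, 7, now))
```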
