The error does occur when the calculates expiration date for the account is on or before the current date, which is considered an error because you really should not have been able to authenticate and continue forward with password policy checks. That said, I wonder if the status of the account has something to do with this. Can you tell if particular account flag is set, such as it being set to never expire, etc?
-Misagh ----- Original Message ----- From: "Steve Cook" <[email protected]> To: [email protected] Sent: Tuesday, October 15, 2013 12:59:51 PM Subject: [cas-user] LPPE ldap.authentication.lppe.dateAttribute I am trying to get version 3.5.2 with LPPE working against Active Directory. When I point ldap.authentication.lppe.dateAttribute to the pwdlastset attribute CAS bombs out with the following below. Any advice on how to get this work would be appreciated. 2013-10-15 15:03:43,423 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Recalculated ActiveDirectory pwdLastSet attribute to 2013-06-04T16:23:46.000Z> 2013-10-15 15:03:43,424 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Current date is 2013-10-15T19:03:43.424Z> 2013-10-15 15:03:43,425 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration date is 2013-09-02T16:23:46.000Z> 2013-10-15 15:03:43,446 ERROR [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Authentication failed because account password has expired with -43 to expiration date. Verify the value of the pwdLastSet attribute and make sure it's not before the current date, which is 2013-10-15T19:03:43.424Z> :Authentication failed because account password has expired with -43 to expiration date. Verify the value of the pwdLastSet attribute and make sure it's not before the current date, which is 2013-10-15T19:03:43.424Z Thanks, Steve -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
