Great! Thanks for posting back.
-Misagh

----- Original Message -----
From: "Steve Cook" <[email protected]>
To: [email protected]
Sent: Wednesday, October 16, 2013 11:42:01 AM
Subject: RE: [cas-user] LPPE ldap.authentication.lppe.dateAttribute

Misagh,

Thanks for the reply, appreciate it! Turns out I had to modify the ldap.authentication.lppe.validDays value from the default value of 30 days to 365 days, which aligns with our AD password policy.

Thanks again!

From: Misagh Moayyed [mailto:[email protected]]
Sent: Wednesday, October 16, 2013 11:06 AM
To: [email protected]
Subject: Re: [cas-user] LPPE ldap.authentication.lppe.dateAttribute

The error does occur when the calculated expiration date for the account is on or before the current date, which is considered an error because you really should not have been able to authenticate and continue forward with password policy checks. That said, I wonder if the status of the account has something to do with this. Can you tell if a particular account flag is set, such as it being set to never expire, etc.?

-Misagh

From: "Steve Cook" <[email protected]>
To: [email protected]
Sent: Tuesday, October 15, 2013 12:59:51 PM
Subject: [cas-user] LPPE ldap.authentication.lppe.dateAttribute

I am trying to get version 3.5.2 with LPPE working against Active Directory. When I point ldap.authentication.lppe.dateAttribute to the pwdlastset attribute, CAS bombs out with the following below. Any advice on how to get this to work would be appreciated.

2013-10-15 15:03:43,423 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Recalculated ActiveDirectory pwdLastSet attribute to 2013-06-04T16:23:46.000Z>
2013-10-15 15:03:43,424 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Current date is 2013-10-15T19:03:43.424Z>
2013-10-15 15:03:43,425 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration date is 2013-09-02T16:23:46.000Z>
2013-10-15 15:03:43,446 ERROR [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Authentication failed because account password has expired with -43 to expiration date. Verify the value of the pwdLastSet attribute and make sure it's not before the current date, which is 2013-10-15T19:03:43.424Z>
:Authentication failed because account password has expired with -43 to expiration date. Verify the value of the pwdLastSet attribute and make sure it's not before the current date, which is 2013-10-15T19:03:43.424Z

Thanks,
Steve

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
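
The arithmetic behind the log lines in this thread, as an added example that is not CAS code and not part of the original messages: it converts an Active Directory pwdLastSet value to a date, applies a validity window, and reports the days to expiration. The function names are hypothetical, the sample input is constructed from the two timestamps in the log, and 90 days is used for the first case because the logged expiration date is 90 days after the logged pwdLastSet; truncation toward zero is an assumption chosen to match the logged -43.

```python
from datetime import datetime, timedelta, timezone

AD_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
DONT_EXPIRE_PASSWORD = 0x10000  # userAccountControl bit "password never expires"


def filetime_to_datetime(ticks):
    """pwdLastSet is 100-nanosecond ticks since 1601-01-01 UTC."""
    return AD_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the sample value."""
    return ((dt - AD_EPOCH) // timedelta(microseconds=1)) * 10


def check_password_expiry(pwd_last_set, valid_days, now, user_account_control=0):
    """Return (status, whole days to expiration); days is None when no date applies."""
    if user_account_control & DONT_EXPIRE_PASSWORD:
        return ("never_expires", None)
    if pwd_last_set == 0:
        # AD stores 0 when the user must change the password at next logon.
        return ("must_change", None)
    expires = filetime_to_datetime(pwd_last_set) + timedelta(days=valid_days)
    # Truncate toward zero (assumption) so the logged case yields -43.
    days = int((expires - now) / timedelta(days=1))
    return ("expired" if expires <= now else "valid", days)


# Constructed sample input: the two timestamps printed in the log above.
LOG_PWD_LAST_SET = datetime_to_filetime(
    datetime(2013, 6, 4, 16, 23, 46, tzinfo=timezone.utc))
LOG_NOW = datetime(2013, 10, 15, 19, 3, 43, 424000, tzinfo=timezone.utc)

if __name__ == "__main__":
    for valid_days in (90, 365):
        print(valid_days, check_password_expiry(LOG_PWD_LAST_SET, valid_days, LOG_NOW))
```

Running the same check with the validity window set to the directory's real maximum password age shows whether an "expired" result comes from the account or from a window that is shorter than the AD policy.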
