Hi Daniel,

So you're basically saying that CAS does use the ppolicy request control in order to generate a different result code for a locked user account?

Thanks.

-----Original Message-----
From: Daniel Fisher [mailto:[email protected]]
Sent: Monday, January 13, 2014 7:41 PM
To: [email protected]
Subject: Re: [cas-user] Cas not using ppolicy response control.

I looked over the LPPE implementation and didn't see anything specific to ppolicy. So I wouldn't say it's a bug, it's just not there yet.
Marvin and I will set aside some time this week to document the configuration and will supply any necessary patches to 4.0-RC3 to support ppolicy. You shouldn't need to do any coding to use this feature.

--Daniel Fisher

On Mon, Jan 13, 2014 at 6:30 AM, Idan Fridman <[email protected]> wrote:
> Hi,
>
> Sorry for bugging on this one.
>
> But if no one is answering, I assume there is a bug?
>
> Thanks.
>
> ----- Reply message -----
> From: "ray" <[email protected]>
> To: "[email protected]" <[email protected]>
> Subject: [cas-user] Cas not using ppolicy response control.
> Date: Mon, Jan 6, 2014 09:35
>
> Hi,
> I use ppolicy overlay and enabled ppolicy_use_lockout to separate
> between invalid password and locked accounts on openldap.
>
> database bdb
> suffix "dc=openiam,dc=com"
> rootdn "cn=Manager,dc=openiam,dc=com"
> rootpw "{SSHA}2ttRoo/t5HuMT2nPxtI6goVUML5R2H9h"
> # PPolicy Configuration
> overlay ppolicy
> ppolicy_default "cn=default,ou=policies,dc=openiam,dc=com"
> ppolicy_use_lockout
> ppolicy_hash_cleartext
>
> I tried to lock a user account by entering a wrong password a couple of
> times (pwdMaxFailure).
>
> The user is being locked but when I try to login again I still get the
> same error:
>
> Invalid credentials (49)
>
> The slapo-ppolicy(5) man page states quite clearly that
> ppolicy_use_lockout only affects the ppolicy response control. CAS
> must Bind using the ppolicy request control in order to generate this
> result code.
> Is cas binding this way?
>
> thanks.
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
