I've been working for several days to integrate CASIG PM and LPPE with OpenDS.
I've no problems with PM (forgot password, change password), but I'm having problems mapping LPPE's LDAP attributes. In OpenDS, my Password Policy looks like this:

Attribute                                 : Value(s)
------------------------------------------:--------------------------------
account-status-notification-handler       : -
allow-expired-password-changes            : false
allow-user-password-changes               : true
default-password-storage-scheme           : Salted SHA-1
deprecated-password-storage-scheme        : -
expire-passwords-without-warning          : false
force-change-on-add                       : false
force-change-on-reset                     : false
grace-login-count                         : 0
idle-lockout-interval                     : 0 s
last-login-time-attribute                 : ds-pwp-last-login-time
last-login-time-format                    : yyyyMMddHHmmss.SSS'Z'
lockout-duration                          : 15 m
lockout-failure-count                     : 3
lockout-failure-expiration-interval       : 0 s
max-password-age                          : 12 w 6 d
max-password-reset-age                    : 0 s
min-password-age                          : 0 s
password-attribute                        : userpassword
password-change-requires-current-password : false
password-expiration-warning-interval      : 12 w 1 d
password-generator                        : Random Password Generator
password-history-count                    : 0
password-history-duration                 : 4 w 2 d
password-validator                        : Length-Based Password Validator
previous-last-login-time-format           : -
require-change-by-time                    : -
require-secure-authentication             : false
require-secure-password-changes           : false

In the cas.properties file, there are some entries that refer to LPPE settings. I've only set up ldap.authentication.lppe.dateAttribute and ldap.authentication.lppe.dateFormat correctly; those reference "last-login-time-attribute:ds-pwp-last-login-time" and "last-login-time-format: yyyyMMddHHmmss.SSS'Z'" from my Password Policy.
I debugged the classes and saw in LdapPasswordPolicyEnforcer.class, inside the mapFromAttributes method, that there aren't values for warningDaysAttribute, noWarnAttribute and validDaysAttribute, because I can't define ldap.authentication.lppe.noWarnAttribute, ldap.authentication.lppe.warningDaysAttribute and ldap.authentication.lppe.validDaysAttribute correctly. For example, I tried with ldap.authentication.lppe.validDaysAttribute=max-password-age, but the mapper has no value.

Do you know if CAS LPPE supports OpenDS Password Policy?

Thanks
