Authentication against Active Directory works, but no LPPE settings seem to be
read. I expect to get a warning message.
I have no idea how to turn on org.ldaptive.controls trace.
deployerConfigContext.xml
...
<!--
  | LDAP authentication handler. The CAS principal id is taken from
  | sAMAccountName, and the bean with id "passwordPolicy" is injected as the
  | handler's password policy configuration.
  -->
<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler">
  <constructor-arg ref="authenticator" />
  <property name="principalIdAttribute" value="sAMAccountName" />
  <property name="passwordPolicyConfiguration" ref="passwordPolicy" />
  <property name="principalAttributeMap">
    <map>
      <!--
        | Simple attribute resolution: keys are LDAP attribute names, values
        | are CAS attribute names.
        | Use this instead of a PrincipalResolver when LDAP is the only
        | attribute source.
        | NOTE(review): memberOf carries the user's group DNs to whatever
        | consumes these attributes; confirm that release is intended.
        -->
      <entry key="displayName" value="displayName" />
      <entry key="mail" value="mail" />
      <entry key="memberOf" value="memberOf" />
    </map>
  </property>
</bean>
<!--
  | ldaptive Authenticator, built from the dnResolver and authHandler beans.
  | ActiveDirectoryAuthenticationResponseHandler is the only authentication
  | response handler registered.
  | NOTE(review): presumably the CAS password policy code can only report
  | what this handler attaches to the authentication response. Whether it
  | yields an expiration warning on a successful bind, or only error states
  | from a failed bind, depends on the ldaptive version in use; confirm
  | against that version before expecting a warning message.
  -->
<bean id="authenticator" class="org.ldaptive.auth.Authenticator">
  <constructor-arg name="resolver" ref="dnResolver" />
  <constructor-arg name="handler" ref="authHandler" />
  <property name="authenticationResponseHandlers">
    <list>
      <bean class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler" />
    </list>
  </property>
</bean>
<!--
  | Resolves the login name to a DN by searching the directory: a subtree
  | search under ${ldap.baseDn} with the filter ${ldap.authn.searchFilter},
  | run on connections from searchPooledLdapConnectionFactory.
  | allowMultipleDns is false; presumably a login name that matches more than
  | one entry is then rejected instead of resolved to one of them (confirm).
  | NOTE(review): the filter is defined in a property that is not shown. It
  | should match one unique account attribute, for example
  | (sAMAccountName={user}), and may need to be customized per directory.
  -->
<bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver">
  <property name="baseDn" value="${ldap.baseDn}" />
  <property name="allowMultipleDns" value="false" />
  <property name="subtreeSearch" value="true" />
  <property name="connectionFactory" ref="searchPooledLdapConnectionFactory" />
  <property name="userFilter" value="${ldap.authn.searchFilter}" />
</bean>
<!--
  | Search-side connection chain: pooled factory, pool, connection factory,
  | connection config. The config inherits from abstractConnectionConfig and
  | adds bindConnectionInitializer, so these connections are initialized with
  | the manager bind before they are used for DN searches.
  -->
<bean id="searchPooledLdapConnectionFactory"
      class="org.ldaptive.pool.PooledConnectionFactory">
  <property name="connectionPool" ref="searchConnectionPool" />
</bean>

<bean id="searchConnectionPool" parent="abstractConnectionPool">
  <property name="connectionFactory" ref="searchConnectionFactory" />
</bean>

<bean id="searchConnectionFactory"
      class="org.ldaptive.DefaultConnectionFactory">
  <property name="connectionConfig" ref="searchConnectionConfig" />
</bean>

<bean id="searchConnectionConfig" parent="abstractConnectionConfig">
  <property name="connectionInitializer" ref="bindConnectionInitializer" />
</bean>
<!--
  | Bind performed on each search connection. The DN comes from
  | ${ldap.authn.managerDN} and the password from ${ldap.authn.managerPassword}.
  | NOTE(review): this is a standing directory credential. Keep the properties
  | file that defines it readable only by the account CAS runs as, and give
  | the directory account no more than the read access the user search needs.
  -->
<bean id="bindConnectionInitializer"
      class="org.ldaptive.BindConnectionInitializer">
  <property name="bindDn" value="${ldap.authn.managerDN}" />
  <property name="bindCredential">
    <bean class="org.ldaptive.Credential">
      <constructor-arg name="password" value="${ldap.authn.managerPassword}" />
    </bean>
  </property>
</bean>
<!--
  | Abstract template shared by searchConnectionPool and bindConnectionPool.
  | Child beans add only their connectionFactory; pool sizing, block wait
  | time, validator and prune strategy are all set here. initialize is
  | declared as the init-method.
  -->
<bean id="abstractConnectionPool"
      abstract="true"
      class="org.ldaptive.pool.BlockingConnectionPool"
      init-method="initialize">
  <property name="poolConfig" ref="ldapPoolConfig" />
  <property name="blockWaitTime" value="${ldap.pool.blockWaitTime}" />
  <property name="validator" ref="searchValidator" />
  <property name="pruneStrategy" ref="pruneStrategy" />
</bean>
<!--
  | Abstract template for both connection configs: URL, connect timeout,
  | StartTLS switch and TLS settings.
  | NOTE(review): useStartTLS is read from a property. If it resolves to false
  | and ldap.url is an ldap:// URL, the manager bind and every user bind send
  | their passwords unencrypted; use StartTLS or an ldaps:// URL.
  -->
<bean id="abstractConnectionConfig"
      abstract="true"
      class="org.ldaptive.ConnectionConfig">
  <property name="ldapUrl" value="${ldap.url}" />
  <property name="connectTimeout" value="${ldap.connectTimeout}" />
  <property name="useStartTLS" value="${ldap.useStartTLS}" />
  <property name="sslConfig" ref="sslConfig" />
</bean>
<!--
  | Pool sizing and validation switches, all read from ldap.pool.* properties.
  | Referenced by abstractConnectionPool, so both pools use the same values.
  -->
<bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig">
  <property name="minPoolSize" value="${ldap.pool.minSize}" />
  <property name="maxPoolSize" value="${ldap.pool.maxSize}" />
  <property name="validateOnCheckOut" value="${ldap.pool.validateOnCheckout}" />
  <property name="validatePeriodically" value="${ldap.pool.validatePeriodically}" />
  <property name="validatePeriod" value="${ldap.pool.validatePeriod}" />
</bean>
<!--
  | TLS material for the LDAP connections (referenced by
  | abstractConnectionConfig).
  | NOTE(review): the store password is the literal "changeit", while every
  | other secret in this file is read from a property. Read it from a property
  | as well, and restrict read access to the store file.
  | NOTE(review): the store is wired in through keyStore, keyStoreType and
  | keyStorePassword although the property is named ldap.trustedCert.
  | KeyStoreCredentialConfig also has trustStore, trustStoreType and
  | trustStorePassword; if this file is meant to hold the CA certificate the
  | directory server is validated against, those are presumably the
  | properties to set. Confirm which role is intended.
  -->
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
<property name="credentialConfig">
<bean class="org.ldaptive.ssl.KeyStoreCredentialConfig"
p:keyStore="${ldap.trustedCert}"
p:keyStoreType="JKS"
p:keyStorePassword="changeit" />
</property>
</bean>
<!--
  | Idle-connection pruning, with period and idle time read from
  | ldap.pool.* properties.
  -->
<bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy">
  <property name="prunePeriod" value="${ldap.pool.prunePeriod}" />
  <property name="idleTime" value="${ldap.pool.idleTime}" />
</bean>

<!-- Connection validator referenced by abstractConnectionPool; no properties are set. -->
<bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />
<!--
  | Bind-side chain used to verify the user's password: handler, pooled
  | factory, pool, connection factory, connection config.
  | bindConnectionConfig inherits abstractConnectionConfig unchanged, so
  | unlike the search chain it has no connection initializer.
  -->
<bean id="authHandler"
      class="org.ldaptive.auth.PooledBindAuthenticationHandler">
  <property name="connectionFactory" ref="bindPooledLdapConnectionFactory" />
</bean>

<bean id="bindPooledLdapConnectionFactory"
      class="org.ldaptive.pool.PooledConnectionFactory">
  <property name="connectionPool" ref="bindConnectionPool" />
</bean>

<bean id="bindConnectionPool" parent="abstractConnectionPool">
  <property name="connectionFactory" ref="bindConnectionFactory" />
</bean>

<bean id="bindConnectionFactory"
      class="org.ldaptive.DefaultConnectionFactory">
  <property name="connectionConfig" ref="bindConnectionConfig" />
</bean>

<bean id="bindConnectionConfig" parent="abstractConnectionConfig" />
</beans>
lppe-configuration.xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!--
    | Sample LDAP password policy configuration.
    | The LDAP components that password policy relies on have notable
    | configuration requirements that differ by directory (Active Directory,
    | OpenLDAP, etc). See the CAS documentation for more information.
    | The warn-all flag, the warning window in days and the policy URL are all
    | placeholders. NOTE(review): confirm the property source that defines
    | the password.policy.* keys is loaded for this context.
    -->
  <bean id="passwordPolicy"
        class="org.jasig.cas.authentication.support.LdapPasswordPolicyConfiguration">
    <property name="alwaysDisplayPasswordExpirationWarning" value="${password.policy.warnAll}" />
    <property name="passwordWarningNumberOfDays" value="${password.policy.warningDays}" />
    <property name="passwordPolicyUrl" value="${password.policy.url}" />
    <property name="accountStateHandler" ref="accountStateHandler" />
  </bean>

  <!--
    | Default account state handler. Suitable for most cases; replace it with
    | a custom component for special cases.
    -->
  <bean id="accountStateHandler"
        class="org.jasig.cas.authentication.support.DefaultAccountStateHandler" />

</beans>
On Mon, Feb 23, 2015 at 3:11 PM, Daniel Fisher <[email protected]> wrote:
> Can you share some specific details on what's not working for you?
>
> --Daniel Fisher
>
> On Mon, Feb 23, 2015 at 2:49 PM, Jim Price <[email protected]>
> wrote:
>
>> Did you ever find a solution for this?
>>
>> On Friday, December 12, 2014 at 5:06:04 AM UTC-5, Antoine L wrote:
>>>
>>> I installed cas 4 with ldap ( I use AD), it works. Now I want add LPPE,
>>> it works for an account disabled or for invalid logon hours but not all
>>> regardings password. Everytime, I have invalid credentials. I followed the
>>> instruction from http://jasig.github.io/cas/4.0.0/installation/LDAP-
>>> Authentication.html.I found tutorials for lppe configuration only for
>>> cas 3.5
>>>
>>>
>>>
>>> ========================================== log file
>>> =============================================================
>>>
>>> 2014-12-12 09:30:40,220 INFO [org.ldaptive.auth.Authenticator] -
>>> <Authentication failed for dn: [email protected]>
>>> 2014-12-12 09:30:40,232 DEBUG [org.ldaptive.auth.Authenticator] -
>>> <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@
>>> 1841077166::connection=[org.ldaptive.DefaultConnectionFactory$
>>> DefaultConnection@325586398::config=[org.ldaptive.
>>> ConnectionConfig@1213704814::ldapUrl=ldap://ad.test.local,
>>> connectTimeout=3000, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.
>>> SslConfig@1937129692::credentialConfig=[org.ldaptive.ssl.
>>> X509CredentialConfig@1821596917::trustCertificates=file:/etc/pki/certificate.pem,
>>> authenticationCertificate=null, authenticationKey=null],
>>> trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
>>> handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
>>> connectionInitializer=null], providerConnectionFactory=[
>>> org.ldaptive.provider.jndi.JndiConnectionFactory@1650575248::connectionCount=1,
>>> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
>>> com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
>>> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@24441190::
>>> operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN],
>>> properties={}, connectionStrategy=DEFAULT, environment=null,
>>> tracePackets=null, removeDnUrls=true,
>>> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
>>> SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
>>> hostnameVerifier=null, controlProcessor=org.ldaptive.
>>> provider.ControlProcessor@24946049]], providerConnection=org.
>>> ldaptive.provider.jndi.JndiConnection@93d6b62], result=false,
>>> resultCode=INVALID_CREDENTIALS,
>>> message=javax.naming.AuthenticationException:
>>> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment:
>>> AcceptSecurityContext error, data 701, v2580], controls=null] for
>>> [email protected] with
>>> request=[org.ldaptive.auth.AuthenticationRequest@1733595237::user=bob,
>>> retAttrs=[sAMAccountName, displayName, sAMAccountName,
>>> eduPersonAffiliation, groupMembership]]>
>>> 2014-12-12 09:30:40,233 INFO [org.jasig.cas.authentication.
>>> PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed
>>> authenticating bob+password>
>>> 2014-12-12 09:30:40,242 INFO
>>> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
>>> - <Audit trail record BEGIN
>>>
>>>
>>> ================================== deployerConfigContext
>>> ============================================
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <!--
>>>
>>> Licensed to Jasig under one or more contributor license
>>> agreements. See the NOTICE file distributed with this work
>>> for additional information regarding copyright ownership.
>>> Jasig licenses this file to you under the Apache License,
>>> Version 2.0 (the "License"); you may not use this file
>>> except in compliance with the License. You may obtain a
>>> copy of the License at the following location:
>>>
>>> http://www.apache.org/licenses/LICENSE-2.0
>>>
>>> Unless required by applicable law or agreed to in writing,
>>> software distributed under the License is distributed on an
>>> "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>>> KIND, either express or implied. See the License for the
>>> specific language governing permissions and limitations
>>> under the License.
>>>
>>> -->
>>> <!--
>>> | deployerConfigContext.xml centralizes into one file some of the
>>> declarative configuration that
>>> | all CAS deployers will need to modify.
>>> |
>>> | This file declares some of the Spring-managed JavaBeans that make up a
>>> CAS deployment.
>>> | The beans declared in this file are instantiated at context
>>> initialization time by the Spring
>>> | ContextLoaderListener declared in web.xml. It finds this file because
>>> this
>>> | file is among those declared in the context parameter
>>> "contextConfigLocation".
>>> |
>>> | By far the most common change you will need to make in this file is to
>>> change the last bean
>>> | declaration to replace the default authentication handler with
>>> | one implementing your approach for authenticating usernames and
>>> passwords.
>>> +-->
>>>
>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> xmlns:p="http://www.springframework.org/schema/p"
>>> xmlns:c="http://www.springframework.org/schema/c"
>>> xmlns:tx="http://www.springframework.org/schema/tx"
>>> xmlns:util="http://www.springframework.org/schema/util"
>>> xmlns:sec="http://www.springframework.org/schema/security"
>>> xmlns:context="http://www.springframework.org/schema/context"
>>> xsi:schemaLocation="http://www.springframework.org/schema/beans
>>> http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
>>> http://www.springframework.org/schema/tx
>>> http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
>>> http://www.springframework.org/schema/security
>>> http://www.springframework.org/schema/security/spring-security-3.2.xsd
>>> http://www.springframework.org/schema/context
>>> http://www.springframework.org/schema/context/spring-context-3.0.xsd
>>> http://www.springframework.org/schema/util
>>> http://www.springframework.org/schema/util/spring-util.xsd">
>>> <context:component-scan base-package="org.jasig.cas" />
>>> <context:component-scan base-package="org.jasig.cas.authentication"
>>> />
>>>
>>>
>>> <!--
>>> | The authentication manager defines security policy for
>>> authentication by specifying at a minimum
>>> | the authentication handlers that will be used to authenticate
>>> credential. While the AuthenticationManager
>>> | interface supports plugging in another implementation, the
>>> default PolicyBasedAuthenticationManager should
>>> | be sufficient in most cases.
>>> +-->
>>> <bean id="authenticationManager" class="org.jasig.cas.
>>> authentication.PolicyBasedAuthenticationManager">
>>> <constructor-arg>
>>> <map>
>>> <!--
>>> | IMPORTANT
>>> | Every handler requires a unique name.
>>> | If more than one instance of the same handler class
>>> is configured, you must explicitly
>>> | set its name to something other than its default
>>> name (typically the simple class name).
>>> -->
>>> <entry key-ref="proxyAuthenticationHandler"
>>> value-ref="proxyPrincipalResolver"
>>> />
>>> <entry key-ref="ldapAuthenticationHandler"
>>> value-ref="primaryPrincipalResolver"
>>> />
>>> </map>
>>> </constructor-arg>
>>>
>>>
>>> <!-- Uncomment the metadata populator to allow clearpass to
>>> capture and cache the password
>>> This switch effectively will turn on clearpass.-->
>>> <property name="authenticationMetaDataPopulators">
>>> <util:list>
>>> <bean class="org.jasig.cas.extension.clearpass.
>>> CacheCredentialsMetaDataPopulator"
>>> c:credentialCache-ref="encryptedMap" />
>>> </util:list>
>>> </property>
>>>
>>>
>>> <!--
>>> | Defines the security policy around authentication. Some
>>> alternative policies that ship with CAS:
>>> |
>>> | * NotPreventedAuthenticationPolicy - all credential must
>>> either pass or fail authentication
>>> | * AllAuthenticationPolicy - all presented credential must
>>> be authenticated successfully
>>> | * RequiredHandlerAuthenticationPolicy - specifies a
>>> handler that must authenticate its credential to pass
>>> -->
>>> <property name="authenticationPolicy">
>>> <bean
>>> class="org.jasig.cas.authentication.AnyAuthenticationPolicy"
>>> />
>>> </property>
>>> </bean>
>>>
>>> <!-- Required for proxy ticket mechanism. -->
>>> <bean id="proxyAuthenticationHandler"
>>> class="org.jasig.cas.authentication.handler.support.
>>> HttpBasedServiceCredentialsAuthenticationHandler"
>>> p:httpClient-ref="httpClient" />
>>>
>>> <!--
>>> | Change principalIdAttribute to use another directory attribute,
>>> | e.g. userPrincipalName, for the NetID
>>> -->
>>> <bean id="ldapAuthenticationHandler"
>>> class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>>> p:principalIdAttribute="sAMAccountName"
>>> c:authenticator-ref="authenticator"
>>> p:passwordPolicyConfiguration-ref="passwordPolicy" >
>>> <property name="principalAttributeMap">
>>> <map>
>>> <!--
>>> | This map provides a simple attribute resolution
>>> mechanism.
>>> | Keys are LDAP attribute names, values are CAS attribute
>>> names.
>>> | Use this facility instead of a PrincipalResolver if
>>> LDAP is
>>> | the only attribute source.
>>> -->
>>> <entry key="displayName" value="displayName" />
>>> <entry key="sAMAccountName" value="sAMAccountName" />
>>> <entry key="eduPersonAffiliation"
>>> value="eduPersonAffiliation" />
>>> <entry key="groupMembership" value="groupMembership" />
>>> </map>
>>> </property>
>>> </bean>
>>>
>>> <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
>>> c:resolver-ref="dnResolver"
>>> c:handler-ref="authHandler"
>>> p:entryResolver-ref="entryResolver" >
>>> <property name="authenticationResponseHandlers">
>>> <util:list>
>>> <bean class="org.ldaptive.auth.ext.
>>> ActiveDirectoryAuthenticationResponseHandler" />
>>> </util:list>
>>> </property>
>>> </bean>
>>>
>>>
>>> <!-- Active Directory UPN format. -->
>>> <bean id="dnResolver"
>>> class="org.ldaptive.auth.FormatDnResolver"
>>> c:format="%s@${ldap.domain}" />
>>>
>>> <bean id="authHandler" class="org.ldaptive.auth.
>>> PooledBindAuthenticationHandler"
>>> p:connectionFactory-ref="pooledLdapConnectionFactory" />
>>>
>>> <bean id="pooledLdapConnectionFactory" class="org.ldaptive.pool.
>>> PooledConnectionFactory"
>>> p:connectionPool-ref="connectionPool" />
>>>
>>> <bean id="connectionPool" class="org.ldaptive.pool.
>>> BlockingConnectionPool"
>>> init-method="initialize"
>>> p:poolConfig-ref="ldapPoolConfig"
>>> p:blockWaitTime="${ldap.pool.blockWaitTime}"
>>> p:validator-ref="searchValidator"
>>> p:pruneStrategy-ref="pruneStrategy"
>>> p:connectionFactory-ref="connectionFactory" />
>>>
>>> <bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
>>> p:minPoolSize="${ldap.pool.minSize}"
>>> p:maxPoolSize="${ldap.pool.maxSize}"
>>> p:validateOnCheckOut="${ldap.pool.validateOnCheckout}"
>>> p:validatePeriodically="${ldap.pool.validatePeriodically}"
>>> p:validatePeriod="${ldap.pool.validatePeriod}" />
>>>
>>> <bean id="connectionFactory" class="org.ldaptive.
>>> DefaultConnectionFactory"
>>> p:connectionConfig-ref="connectionConfig" />
>>>
>>> <bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
>>> p:ldapUrl="${ldap.url}"
>>> p:connectTimeout="${ldap.connectTimeout}"
>>> p:useStartTLS="${ldap.useStartTLS}"
>>> p:sslConfig-ref="sslConfig"/>
>>>
>>> <bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
>>> <property name="credentialConfig">
>>> <bean class="org.ldaptive.ssl.X509CredentialConfig"
>>> p:trustCertificates="${ldap.trustedCert}" />
>>> </property>
>>> </bean>
>>>
>>> <bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
>>> p:prunePeriod="${ldap.pool.prunePeriod}"
>>> p:idleTime="${ldap.pool.idleTime}" />
>>>
>>> <bean id="searchValidator" class="org.ldaptive.pool.SearchValidator"
>>> />
>>>
>>> <bean id="entryResolver" class="org.jasig.cas.
>>> authentication.support.UpnSearchEntryResolver"
>>> p:baseDn="${ldap.authn.baseDn}" />
>>>
>>> <!--
>>> | TODO: Replace this component with one suitable for your
>>> enviroment.
>>> |
>>> | This component provides authentication for the kind of
>>> credential used in your environment. In most cases
>>> | credential is a username/password pair that lives in a system
>>> of record like an LDAP directory.
>>> | The most common authentication handler beans:
>>> |
>>> | * org.jasig.cas.authentication.LdapAuthenticationHandler
>>> | * org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHan
>>> dler
>>> | * org.jasig.cas.adaptors.x509.authentication.handler.support.
>>> X509CredentialsAuthenticationHandler
>>> | * org.jasig.cas.support.spnego.authentication.handler.support.
>>> JCIFSSpnegoAuthenticationHandler
>>> -->
>>> <!-- <bean id="primaryAuthenticationHandler"
>>> class="org.jasig.cas.authentication.
>>> AcceptUsersAuthenticationHandler">
>>> <property name="users">
>>> <map>
>>> <entry key="casuser" value="Mellon"/>
>>> </map>
>>> </property>
>>> </bean>-->
>>>
>>> <!-- Required for proxy ticket mechanism -->
>>> <bean id="proxyPrincipalResolver" class="org.jasig.cas.
>>> authentication.principal.BasicPrincipalResolver" />
>>>
>>> <!--
>>> | Resolves a principal from a credential using an attribute
>>> repository that is configured to resolve
>>> | against a deployer-specific store (e.g. LDAP).
>>> -->
>>> <bean id="primaryPrincipalResolver" class="org.jasig.cas.
>>> authentication.principal.PersonDirectoryPrincipalResolver" >
>>> <property name="attributeRepository" ref="attributeRepository" />
>>> </bean>
>>>
>>> <!--
>>> Bean that defines the attributes that a service may return. This
>>> example uses the Stub/Mock version. A real implementation
>>> may go against a database or LDAP server. The id should remain
>>> "attributeRepository" though.
>>> +-->
>>> <bean id="attributeRepository" class="org.jasig.services.
>>> persondir.support.StubPersonAttributeDao"
>>> p:backingMap-ref="attrRepoBackingMap" />
>>>
>>> <util:map id="attrRepoBackingMap">
>>> <entry key="displayName" value="displayName" />
>>> <entry key="sAMAccountName" value="sAMAccountName" />
>>> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
>>> <entry key="groupMembership" value="groupMembership" />
>>> </util:map>
>>>
>>> <!--
>>> Sample, in-memory data store for the ServiceRegistry. A real
>>> implementation
>>> would probably want to replace this with the JPA-backed
>>> ServiceRegistry DAO
>>> The name of this bean should remain "serviceRegistryDao".
>>> +-->
>>> <bean id="serviceRegistryDao" class="org.jasig.cas.services.
>>> InMemoryServiceRegistryDaoImpl"
>>> p:registeredServices-ref="registeredServicesList" />
>>>
>>> <util:list id="registeredServicesList">
>>>
>>> <bean class="org.jasig.cas.services.RegexRegisteredService"
>>> p:id="0" p:name="HTTP and IMAP" p:description="Allows
>>> HTTP(S) and IMAP(S) protocols"
>>> p:serviceId="^(https?|imaps?)://.*"
>>> p:evaluationOrder="10000001"
>>> p:allowedToProxy="true" />
>>>
>>> </util:list>
>>>
>>> <bean id="auditTrailManager" class="com.github.inspektr.
>>> audit.support.Slf4jLoggingAuditTrailManager" />
>>>
>>> <bean id="healthCheckMonitor"
>>> class="org.jasig.cas.monitor.HealthCheckMonitor"
>>> p:monitors-ref="monitorsList" />
>>>
>>> <util:list id="monitorsList">
>>> <bean class="org.jasig.cas.monitor.MemoryMonitor"
>>> p:freeMemoryWarnThreshold="10" />
>>> <!--
>>> NOTE
>>> The following ticket registries support SessionMonitor:
>>> * DefaultTicketRegistry
>>> * JpaTicketRegistry
>>> Remove this monitor if you use an unsupported registry.
>>> -->
>>> <bean class="org.jasig.cas.monitor.SessionMonitor"
>>> p:ticketRegistry-ref="ticketRegistry"
>>> p:serviceTicketCountWarnThreshold="5000"
>>> p:sessionCountWarnThreshold="100000" />
>>> </util:list>
>>>
>>>
>>> </beans>
>>>
>>>
>>> ================================== lppe-configuration
>>> ================================================
>>>
>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> xmlns:p="http://www.springframework.org/schema/p"
>>> xsi:schemaLocation="http://www.springframework.org/schema/beans
>>> http://www.springframework.org/schema/beans/spring-beans.xsd">
>>>
>>> <!--
>>> | Sample LDAP password policy configuration.
>>> | There are notable configuration requirements for LDAP components
>>> required for password policy
>>> | depending on the directory (Active Directory, OpenLDAP, etc).
>>> | See CAS documentation for more information.
>>> -->
>>> <bean id="passwordPolicy" class="org.jasig.cas.authentication.support.
>>> LdapPasswordPolicyConfiguration"
>>> p:alwaysDisplayPasswordExpirationWarning="${password.policy.
>>> warnAll}"
>>> p:passwordWarningNumberOfDays="${password.policy.warningDays}"
>>> p:passwordPolicyUrl="${password.policy.url}"
>>> p:accountStateHandler-ref="accountStateHandler" />
>>>
>>> <!-- This component is suitable for most cases but can be replaced
>>> with a custom component for special cases. -->
>>> <bean id="accountStateHandler" class="org.jasig.cas.
>>> authentication.support.DefaultAccountStateHandler" />
>>>
>>> </beans>
>>>
>>>
>>>
>>>
>>> Thanks for any time spent for help me
>>>
>>> Antoine
>>>