We have done some work around this particular topic. We currently check some particular exceptions returned by LDAP and AD when the password is expired (in fact, for AD we also check some other particular exceptions: account disabled, locked, etc.). Those features used a custom LDAP/AD handler that first checks that the user exists using a service account, then uses the user credentials to bind and search (an expired account can bind but not search).

In this field we are also investigating a new issue concerning automatic pooling/failover of LDAP connections: when one of the LDAP servers is down we may not catch the right exception.

Let us know if those features are of any interest for the community, we would be proud to publish them.

Best Regards
MAG

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Velpi
> Sent: Friday, 22 December 2006 12:22
> To: Yale CAS mailing list
> Cc: [EMAIL PROTECTED]
> Subject: Re: Central Identity Service (CIS)
>
> > Detect password expired condition and initiate change password
> > functionality
>
> I'm working on this (too) at the moment (integrated into CAS). How far
> are you on this topic? I'm eager to cooperate.
>
> -- Velpi
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
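
Added example, not part of the original messages and not code from CAS or from the handler MAG describes: a sketch of the decision flow in the message above (service-account lookup, user bind, user search), together with classification of the sub-code Active Directory places after `data` in an error-49 bind failure. The function names, the `Outcome` enum and the sample messages are assumptions made for illustration; the three inputs to `authenticate` stand for the results of the three LDAP steps.

```python
import re
from enum import Enum

class Outcome(Enum):
    OK = "ok"
    UNKNOWN_USER = "unknown_user"
    BAD_CREDENTIALS = "bad_credentials"
    PASSWORD_EXPIRED = "password_expired"
    MUST_CHANGE_PASSWORD = "must_change_password"
    ACCOUNT_DISABLED = "account_disabled"
    ACCOUNT_EXPIRED = "account_expired"
    ACCOUNT_LOCKED = "account_locked"
    DIRECTORY_ERROR = "directory_error"

# Hex sub-codes AD reports after "data" in an invalidCredentials (49) result.
AD_SUBCODES = {
    "525": Outcome.UNKNOWN_USER,
    "52e": Outcome.BAD_CREDENTIALS,
    "532": Outcome.PASSWORD_EXPIRED,
    "533": Outcome.ACCOUNT_DISABLED,
    "701": Outcome.ACCOUNT_EXPIRED,
    "773": Outcome.MUST_CHANGE_PASSWORD,
    "775": Outcome.ACCOUNT_LOCKED,
}
AD_DATA = re.compile(r"error code 49\b.*?\bdata\s+([0-9a-fA-F]+)", re.S)

def classify_ad_bind_error(message):
    """Map the text of a failed AD bind to an Outcome."""
    m = AD_DATA.search(message or "")
    if not m:
        # Not an error-49 result (e.g. a server that is down): never report
        # this as a wrong password; the caller should fail over or raise.
        return Outcome.DIRECTORY_ERROR
    return AD_SUBCODES.get(m.group(1).lower(), Outcome.BAD_CREDENTIALS)

def authenticate(user_found, bind_error, search_ok):
    """Hypothetical signature: results of lookup, user bind and user search."""
    if not user_found:
        return Outcome.UNKNOWN_USER
    if bind_error is not None:
        return classify_ad_bind_error(bind_error)
    # Observation from the message: an expired account can bind but not search.
    return Outcome.OK if search_ok else Outcome.PASSWORD_EXPIRED

# Constructed sample messages (the DSID and trailing token are made up).
SAMPLE_EXPIRED = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
                  "comment: AcceptSecurityContext error, data 532, v1db1]")
SAMPLE_LOCKED = SAMPLE_EXPIRED.replace("data 532", "data 775")
SAMPLE_DOWN = "Connection refused"  # constructed: no LDAP result code at all
```
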
