Hi,

A few remarks: an LDAP bind with an expired password on AD will fail with LDAP error code 49. In this failure, there is also a code specifying that the password was expired.
http://forum.java.sun.com/thread.jspa?messageID=4227692

To handle expired passwords against AD and Sun Directory Server, you can look for the string 'expired' in the javax.naming.AuthenticationException stack trace and throw a custom exception.

My 2 cents,
Arnaud

On 7/26/07, Watkins, Jayme <[EMAIL PROTECTED]> wrote:

From the tests that I have done, when a person logs into Active Directory through LDAP and their password has expired, the system returns the error of "Invalid Credentials" and doesn't give any indication that the password has expired. I was also told by someone on a Microsoft newsgroup that LDAP cannot handle the password expiration situation, which has been proven in my tests with .NET.

I suppose it is possible to check the "Password Last Set" attribute, but if LDAP won't let the person log in even with their good password anymore, what good is it to check it since I can't validate their password?

If Kerberos returns the 'password expired' error I will see if we can use that.

JW

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of* Scott Battaglia
*Sent:* Wednesday, July 25, 2007 2:03 PM
*To:* Yale CAS mailing list
*Subject:* Re: CAS and Active Directory Password Expiration

I'm not familiar with AD's password expiration settings. What's supposed to happen if the password is expired?

-Scott

On 7/24/07, *Watkins, Jayme* <[EMAIL PROTECTED]> wrote:

Hi,

I have been learning the CAS system for the past couple of weeks from source code and the wiki and like the way the system is set up. We would like to use the system at our college with our Active Directory system and would also like to implement a way to check if the student's password has expired. I have successfully made it work with the Active Directory, but now I am stuck with getting it to understand the "password expiration" setting. I am not sure where to start, but I have been reading the source code documentation to get an understanding of the system.

Has anyone been able to get this working for their system? If so, could you please point me in the direction I should take to implement it? Any help would be greatly appreciated.

Thanks,
JW

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia

--
Arnaud Lesueur
LinkedIn: http://www.linkedin.com/in/lesueur
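
The string check suggested in the thread, extended to read the hex sub-code that Active Directory places after `data` in the error 49 message (532 password expired, 773 must change password, 52e bad credentials). This is an added example, not code from the thread or from CAS; the class and enum names are hypothetical and the sample messages are constructed.

```java
import javax.naming.AuthenticationException;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: hypothetical helper, not part of CAS or of the original thread.
public class LdapBindFailureClassifier {

    public enum Reason { PASSWORD_EXPIRED, MUST_CHANGE_PASSWORD, INVALID_CREDENTIALS, OTHER }

    // AD reports a Windows error code in hex after "data" inside the LDAP 49 message.
    private static final Pattern AD_DATA = Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)\\b");

    public static Reason classify(AuthenticationException e) {
        String msg = e.getMessage() == null ? "" : e.getMessage();
        Matcher m = AD_DATA.matcher(msg);
        if (m.find()) {
            switch (m.group(1).toLowerCase(Locale.ROOT)) {
                case "532": return Reason.PASSWORD_EXPIRED;      // ERROR_PASSWORD_EXPIRED
                case "773": return Reason.MUST_CHANGE_PASSWORD;  // ERROR_PASSWORD_MUST_CHANGE
                case "52e": return Reason.INVALID_CREDENTIALS;   // ERROR_LOGON_FAILURE
                default:    return Reason.OTHER;                 // disabled, locked out, ...
            }
        }
        // No AD sub-code: fall back to the 'expired' string search from the thread,
        // which covers servers that put the reason in plain text.
        if (msg.toLowerCase(Locale.ROOT).contains("expired")) {
            return Reason.PASSWORD_EXPIRED;
        }
        return Reason.INVALID_CREDENTIALS; // plain error 49 with no further detail
    }

    public static void main(String[] args) {
        // Constructed sample messages, shaped like JNDI bind failures.
        String[] samples = {
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: "
                + "AcceptSecurityContext error, data 532, vece]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: "
                + "AcceptSecurityContext error, data 52e, vece]",
            "[LDAP: error code 49 - password expired!]",
            "[LDAP: error code 49 - Invalid Credentials]"
        };
        for (String s : samples) {
            System.out.println(classify(new AuthenticationException(s)) + " <- " + s);
        }
    }
}
```

A caller would catch `AuthenticationException` around the bind and route `PASSWORD_EXPIRED` and `MUST_CHANGE_PASSWORD` to a password-change flow while keeping the message shown to the user generic for every other reason.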
