-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's taken me quite a while longer than I wanted to get back to this. Is there really any reason this cannot work with FastBind?
I can try and switch to that, but in the long run FastBind will work much better in my environment. I am currently using FastBind, and I am seeing nothing in the logs like I would expect past the initialization messages. Jeff Vitty, Paul wrote: > Hi Jeff, > > I think a wiki update to highlight that it only works with BindLdap > rather than FastBind as it's not immediately obvious. > > Paul Vitty > > Apache/MySQL Web Platform Engineer > Application Platform Delivery > Information Services Directorate > University of Ulster > > Tel: 02890 366273 > Email: p.vi...@ulster.ac.uk > Web: http://www.ulster.ac.uk/staff/p.vitty.html > > On 15 Feb 2010, at 22:28, "Jeff Chapin" <jeff.cha...@uni.edu> wrote: > > I had actually been barking up that tree -- using BindLdap, and not > FastBind, but had to move in different directions. I will try to > replicate your results in the morning and see what I can come up with. > > Thanks for the pointers! > > Jeff > > Vitty, Paul wrote: >>>> Jeff/Ahsan, >>>> >>>> I've been working on this issue this evening and have gotten to the >>>> point where I am seeing the output you expect to see. >>>> >>>> I'm not sure, maybe you know this already, but the password about >>>> to expire message is only shown when you request a service ticket, >>>> it's not shown when only a ticket granting ticket is requested. >>>> >>>> Another thing I worked out is that you need to use the >>>> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler for your >>>> LDAP authentication handler in deployerConfigContext.xml, where as >>>> before we were using the Fast Bind class. Not sure if that helps >>>> you out, but it's got me this far. >>>> >>>> Paul >>>> >>>> On 15 Feb 2010, at 22:16, Jeff Chapin wrote: >>>> >>>> No, I have not got this to work yet. >>>> >>>> I moved focus to other issues on my plate. I will look into this >>>> again >>>> further tomorrow, but this appears to be the *EXACT* same >>>> experience I >>>> am having -- so we appear to be on the same page, at least. >>>> >>>> Jeff >>>> >>>> Ahsan Imam wrote: >>>>>>> Jeff, >>>>>>> >>>>>>> Did you ever get the module to work? Are you still have issues? >>>>>>> After >>>>>>> the documentation was updated on Feb 10, I changed my >>>>>>> configuration >>>>>>> setting specified for passwordWarningcheck.xml. I am getting no >>>>>>> warning >>>>>>> message and there is nothing in the logs. Logging is set to: >>>>>>> >>>>>>> log4j.logger.org.jasig.cas.services=INFO >>>>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG >>>>>>> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck= >>>>>>> DEBUG >>>>>>> log4j.logger.org.jasig.cas.adaptors=DEBUG >>>>>>> >>>>>>> >>>>>>> I set warnAll to true and I should see a message "Show Warning >>>>>>> (WarnALL >>>>>>> is TRUE!) -- The password for " + userID + " will expire in " + >>>>>>> Math.round(DateDiff / Timer.ONE_DAY) + " days" based on the >>>>>>> code. I do >>>>>>> not see and message in the browser or the logs. >>>>>>> >>>>>>> I wonder if I am missing something.... >>>>>>> >>>>>>> Sincerely, >>>>>>> Ahsan >>>>>>> >>>>>>> >>>>>>> On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin <jeff.cha...@uni.edu >>>>>>> <mailto:jeff.cha...@uni.edu>> wrote: >>>>>>> >>>>>>> You guys rock! >>>>>>> >>>>>>> Only problem I have is I am still not seeing anything new in my >>>>>>> logs. I >>>>>>> am seeing the same behavior as with the last version. >>>>>>> >>>>>>> Thank you so much for the assistance. >>>>>>> >>>>>>> Jeff >>>>>>> >>>>>>> Scott Battaglia wrote: >>>>>>>> I think Eric made an update to the page. Not sure if that will >>>>>>> help or not. >>>>>>> >>>>>>> >>>>>>>> On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin >>>>>>>> <jeff.cha...@uni.edu >>>>>>> <mailto:jeff.cha...@uni.edu> >>>>>>>> <mailto:jeff.cha...@uni.edu <mailto:jeff.cha...@uni.edu>>> wrote: >>>>>>>> I believe that log line came from this bean: >>>>>>>> <bean id="PasswordWarningCheckAction" >>>>>>>> class="org.jasig.cas.web.flow.PasswordWarningCheckAction"> >>>>>>>> <property name="passwordWarningCheck" >>>>>>>> ref="passwordWarningCheck" /> >>>>>>>> </bean> >>>>>>>> This was documented in the link below. Am I off base? I am still >>>>>>>> learning how this setup works and feeling my way around. >>>>>>>> Jeff >>>>>>>> Scott Battaglia wrote: >>>>>>>>> I don't know much about it but there's no reason it shouldn't >>>>>>>> work. It >>>>>>>>> doesn't look like there any instructions to tell you to add it >>>>>>>>> to the >>>>>>>>> web flow though. >>>>>>>>> On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin >>>>>>> <jeff.cha...@uni.edu <mailto:jeff.cha...@uni.edu> >>>>>>>> <mailto:jeff.cha...@uni.edu <mailto:jeff.cha...@uni.edu>> >>>>>>>>> <mailto:jeff.cha...@uni.edu <mailto:jeff.cha...@uni.edu> >>>>>>> <mailto:jeff.cha...@uni.edu <mailto:jeff.cha...@uni.edu>>>> wrote: >>>>>>> >>>>>>>>> Hello, >>>>>>>>> I am using CAS 3.3.5, and I have tried to get LDAP password >>>>>>>>> policy >>>>>>>>> enforcement running, as per >>>>>>> http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement >>>>>>> . >>>>>>> >>>>>>>>> I have cranked logging as follows: >>>>>>>>> log4j.logger.org.jasig.cas.services=INFO >>>>>>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG >>>>>>> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck= >>>>>>> DEBUG >>>>>>>>> log4j.logger.org.jasig.cas.adaptors=DEBUG >>>>>>>>> , other than that, the logging is identical to the Logging >>>>>>>>> page on >>>>>>>>> the wiki. >>>>>>>>> Here are the only logs that are currently appearing: >>>>>>>>> 2010-02-10 10:58:58,550 INFO >>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Search >>>>>>>> Filter: >>>>>>>>> 'cn=%u'> >>>>>>>>> 2010-02-10 10:58:58,551 INFO >>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - >>>>>>>>> <Expire Date >>>>>>>>> Attribute: 'pwdchangedtime'> >>>>>>>>> 2010-02-10 10:58:58,551 INFO >>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - >>>>>>>>> <Warning >>>>>>> Days >>>>>>>>> Attribute: 'passwordwarningdays'> >>>>>>>>> 2010-02-10 10:58:58,551 INFO >>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - >>>>>>>>> <Default >>>>>>>>> Warning Days: '-1'> >>>>>>>>> 2010-02-10 10:58:58,551 INFO >>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date >>>>>>> format: >>>>>>>>> 'yyyyMMddHHmmss'z''> >>>>>>>>> 2010-02-10 10:58:58,551 INFO >>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <LDAP >>>>>>>>> Search >>>>>>>>> Base: 'cn=Users,dc=collab,dc=uni,dc=edu'> >>>>>>>>> 2010-02-10 10:58:58,553 DEBUG >>>>>>>>> [org.jasig.cas.web.flow.PasswordWarningCheckAction] - <inited >>>>>>>>> with >>>>>>> passwordWarningChecker= >>>>>>> 'org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'> >>>>>>> >>>>>>>>> As well as a mention to the bean in the following line. >>>>>>>>> 2010-02-10 10:58:58,771 INFO >>>>>>> [org.springframework.beans.factory.support.DefaultListableBeanFactory] >>>>>>> - >>>>>>>>> <Pre-instantiating singletons in >>>>>>> org.springframework.beans.factory.support.DefaultListableBeanFactory@ >>>>>>> 3052ce: >>>>>>> >>>>>>>>> It appears to me that the PasswordWarningCheck is not even >>>>>>>>> firing >>>>>>> -- I >>>>>>>>> would expect much more logging output that this. >>>>>>>>> As an aside, I put -1 as the Warning days, as out LDAP server >>>>>>>>> (Oracle >>>>>>>>> OID) currently only reports the time the password was last >>>>>>>> changed, not >>>>>>>>> when it expires. I have tried positive values with no difference >>>>>>>> in the >>>>>>>>> results. >>>>>>>>> Am I missing something, or is this code simply incompatible >>>>>>>>> with the >>>>>>>>> current CAS version? >>>>>>>>> Thanks, >>>>>>>>> Jeff >>>>>>> >> - -- You are currently subscribed to cas-user@lists.jasig.org as: p.vi...@ulster.ac.uk To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user >> > This email and any attachments are confidential and intended solely for the > use of the addressee and may contain information which is covered by legal, > professional or other privilege. If you have received this email in error > please notify the system manager at postmas...@ulster.ac.uk. The University's > computer systems may be monitored and communications carried on them recorded > to secure the effective operation of the system and for other lawful purposes. - -- Jeff Chapin, Assistant Systems/Applications Administrator ITS-IS, University of Northern Iowa Phone: 319-273-3162 Email: jeff.cha...@uni.edu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkuMKqQACgkQQiaEUfQoY7SPRgCgnWcIle/g7iuclMPn+fzJ35DS HLQAnApgp9+G9HwduM3ANQRhceTGXRoF =M/ur -----END PGP SIGNATURE----- -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user