I can see the regular expression code that you mention when I'm stepping through the code, but it never gets executed because String details = e.getMessage(); always contains: "[LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]".
Here is what happens when I run an ldapsearch with the expired account:
ldapsearch -h {LDAP IP address} -e ppolicy -v -x -W -D '{Bind DN with expired password}' -b 'dc=example,dc=com' '(uid=*)'
Enter LDAP Password:
ldap_bind: Invalid credentials (49); Password expired
So it would seem that OpenLDAP's ppolicy module is working properly. It's like the "Password expired" is getting dropped somewhere along the way.
Thank you,
Jamie Sammons
From: Eric Pierce <epie...@usf.edu>
To: cas-user@lists.jasig.org
Date: 08/02/2010 09:18 AM
Subject: Re: [cas-user] LDAP Password Policy module problems
Sent by: epie...@mail.usf.edu
Are you sure you're using the BindLdapAuthenticationHandler included
with the ldap-pwd-expiration module? It compares the result to a
regular expression that should catch 'Password expired' and throws a
custom exception (ExpiredPasswordException).
-Eric
On 8/1/10, Jamie Sammons <jsamm...@cds-global.com> wrote:
> I have also tried this with CAS 3.4.2.1 and
> cas-server-support-ldap-pwd-expiration-3.4.2 and it appears to do the same
> thing.
>
> It still seems like the LDAP error messages aren't making their way up
> through the application for some reason.
--
Eric Pierce
Identity Management Architect
Information Technology
University of South Florida
(813) 974-8868 -- epie...@usf.edu
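An added example, not part of the thread and not CAS code: the `-e ppolicy` option in the ldapsearch command above sends the password policy request control defined in draft-behera-ldap-password-policy, and the server's response control carries the policy error as an enumerated code rather than as message text. The sketch below decodes that response value; the class name and sample byte arrays are constructed for illustration, and in JNDI the bytes would come from `Control.getEncodedValue()` on a response control with the OID shown.

```java
import java.util.Optional;

public class PpolicyResponseDecoder {
    // OID of the password policy control (draft-behera-ldap-password-policy).
    static final String PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1";

    // Error names in the order the draft enumerates them (codes 0..8).
    static final String[] ERRORS = {
        "passwordExpired", "accountLocked", "changeAfterReset",
        "passwordModNotAllowed", "mustSupplyOldPassword",
        "insufficientPasswordQuality", "passwordTooShort",
        "passwordTooYoung", "passwordInHistory"
    };

    /** Returns the error name carried in a PasswordPolicyResponseValue, if any. */
    static Optional<String> decodeError(byte[] ber) {
        if (ber == null || ber.length < 2 || (ber[0] & 0xFF) != 0x30) {
            return Optional.empty();                 // not a BER SEQUENCE
        }
        if ((ber[1] & 0x80) != 0) return Optional.empty(); // short-form lengths only
        int end = 2 + (ber[1] & 0xFF);
        if (end > ber.length) return Optional.empty();     // truncated value
        int pos = 2;
        while (pos + 2 <= end) {
            int tag = ber[pos] & 0xFF;
            int len = ber[pos + 1] & 0xFF;
            if ((len & 0x80) != 0 || pos + 2 + len > end) return Optional.empty();
            if (tag == 0x81 && len == 1) {           // error [1] ENUMERATED
                int code = ber[pos + 2] & 0xFF;
                return Optional.of(code < ERRORS.length
                        ? ERRORS[code] : "unknown(" + code + ")");
            }
            pos += 2 + len;                          // skip warning [0] (tag 0xA0)
        }
        return Optional.empty();                     // control present, no error set
    }

    public static void main(String[] args) {
        // Constructed sample values, not captured from a real server.
        byte[] expired = {0x30, 0x03, (byte) 0x81, 0x01, 0x00};
        byte[] warningOnly = {0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0x80, 0x01, 0x3C};
        byte[] noFields = {0x30, 0x00};
        System.out.println(PPOLICY_OID + " error: " + decodeError(expired));
        System.out.println(PPOLICY_OID + " error: " + decodeError(warningOnly));
        System.out.println(PPOLICY_OID + " error: " + decodeError(noFields));
    }
}
```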