I'm pretty certain that I'm using the BindLdapAuthenticationHandler included with the module.  Whenever the module is enabled, org/jasig/cas/adaptors/ldap/BindLdapAuthenticationHandler.class appears in WEB-INF/classes of the application.  I'm using Tomcat as the container so the default ClassLoader policy should check WEB-INF/classes first.  

I can see Regular expression code that you mention when I'm stepping through the code, but it never gets executed because String details = e.getMessage(); always contains: "[LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]".

Here is what happens when I run an ldapsearch with the expired account:

ldapsearch -h {LDAP IP address} -e ppolicy -v -x -W -D '{Bind DN with expired password}' -b 'dc=example,dc=com' '(uid=*)'
Enter LDAP Password:
ldap_bind: Invalid credentials (49); Password expired

So it would seem that OpenLDAP's ppolicy module is working properly.  It's like the "Password expired" is getting dropped somewhere along the way.

Thank you,
Jamie Sammons


From: Eric Pierce <epie...@usf.edu>
To: cas-user@lists.jasig.org
Date: 08/02/2010 09:18 AM
Subject: Re: [cas-user] LDAP Password Policy module problems
Sent by: epie...@mail.usf.edu

Are you sure you're using the BindLdapAuthenticationHandler included
with the ldap-pwd-expiration module?  It compares the result to a
Regular expression that should catch 'Password expired' and throws a
custom exception (ExpiredPasswordException)

-Eric

On 8/1/10, Jamie Sammons <jsamm...@cds-global.com> wrote:
> I have also tried this with CAS 3.4.2.1 and
> cas-server-support-ldap-pwd-expiration-3.4.2 and it appears to do the same
> thing.
>
> It still seems like the LDAP error messages aren't making their way up
> through the application for some reason.
> --
> You are currently subscribed to cas-user@lists.jasig.org as: epie...@usf.edu
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user


--
Eric Pierce
Identity Management Architect
Information Technology
University of South Florida
(813) 974-8868 -- epie...@usf.edu
