Folks,

I stumbled upon this thread today and thought I'd send an update here
to cas-users (also on-going on cas-dev) just to make sure folks are in
the loop.

LDAP Password Policy Enforcement Update

I've completed a merge of LPPE into a feature branch on
https://source.jasig.org/cas3/branches/cas-server-3.4.10-lppe/ such
that I can build and install CAS 3.4.10-LPPE-SNAPSHOT in my local mvn
repo.  This allows me to build a cas server with the feature via
simple local maven overlay.  To get it to work you need to pull in the
configuration files in the resources directory of
https://source.jasig.org/sandbox/cas-password-policy/branches/cas-server-support-ldap-pwd-expiration-3.4.x/

I have it working with Active Directory and can induce the
PasswordWarning screen.

I still need to spend some more time with the code exercising the
features.  I'd like to arrive at a maintainable approach for this
feature for CAS3 in the near term.  Would love some collaboration,
thoughts, comments on how best to improve on this and help identifying
any blockers for inclusion in CAS 3.5.

Please share your thoughts...

This work is being driven by requirements at Lamar University.

Best,
Bill
--
    -------- Original Message --------
    Subject:    Re: [cas-user] ldap-pwd-expiration module
    Date:       Wed, 26 Jan 2011 09:54:45 -0500
    From:       Andrew Petro <ape...@unicon.net>
    Reply-To:   cas-user@lists.jasig.org
    To:         cas-user@lists.jasig.org


    > Is there any interest in implementing the functionality of this
    module into the main sources?

    Yes.  Very much so.  For some reasonable meaning of "into the main
    sources".

    I could see it as an extension as productized and easy to implement as
    ClearPass.  I could also see it as a core CAS module alongside the other
    core included CAS modules, perhaps even with these password policy
    checks in the CAS login web flow by default but doing nothing in the
    case where no implementation of the password policy API is available,
    assuming buy-in of CAS committers on the value of the feature versus its
    complexity cost.  I'll start a thread on cas-dev on this topic.

    Your changes all sound welcome improvements.  Can you share the source?
    I'd love to merge your improvements in as the basis of a more
    productized update to this module, whether the next answer here is
    polishing an extension module ala ClearPass or inlining the
    functionality into CAS.

    Thanks,

    Andrew



    On 01/25/2011 05:02 AM, Felix Schumacher wrote:
    > Hi,
    >
    > we have used the ldap-pwd-expiration module as a starting point to
    > implement warnings and a short webflow to change passwords if the user
    > has a password which is close to expiring.
    >
    > There were a few things, which we did differently than shown in the wiki.
    >
    > 1. We started with placing the module inside the checked out svn
    > sources and edited the pom.xml directly to include it.
    >    While that seemed to work - it created a jar file with the classes
    > inside - the war file of our overlay build had a few problems.
    >    a) The needed "principal" could not be found by the webflow, since
    >    b) ldap-pwd-expiration changed a few central classes while
    > keeping the old class names.
    >    Those two things were a result of ordering of the jar-files in
    > WEB-INF/lib/. Tomcat will use the first class for a given name, that
    > it finds in the classloader. (We could have solved it by renaming the
    > ldap-pwd-expiration jar to start with aa- or something like that. But
    > that seems a bit flaky.)
    >
    > 2. We changed the webflow of ldap-pwd-expiration as suggested by
    > another thread on this list, to leave the "viewScope" out of the
    > new end-states.
    >
    > 3. We changed the code, which parses the ldap exception messages, so
    > it can be configured by spring. We don't use ads and our ldap server
    > has different error messages.
    >
    > 4. As a result we copied all files from the ldap-pwd-expiration module
    > into our overlay directory and changed the names of the classes, to
    > avoid classloader problems.
    >
    > 5. (There is a minor bug in the original source. It will overwrite the
    > instance variable validDays with user specific values)
    >
    >
    > Is there any interest in implementing the functionality of this module
    > into the main sources?
    >
    > Any thoughts?
    >  Felix
    >
    >
    >
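Two of Felix's points are easy to get wrong in a CAS extension and worth seeing in code: the "validDays" bug (a Spring singleton overwriting its configured default with a per-user value, so the next user inherits the previous user's expiry policy) and making the LDAP error-message parsing configurable rather than hard-coded for Active Directory. The following is an added example written for this thread; it is not code from CAS, from the cas-password-policy sandbox module, or from Felix's or Bill's branches, and all class, field and method names as well as the sample LDAP messages and patterns are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

/**
 * Added example (hypothetical names; not CAS or cas-password-policy code).
 *  1. BuggyPolicyChecker shows the shared-state bug: one singleton field holds both the
 *     configured default and a per-user value, so user A's policy leaks into user B's check.
 *  2. PolicyChecker keeps the default final and the per-user value local, and classifies
 *     LDAP error text with patterns supplied from configuration (e.g. injected by Spring).
 */
public class PasswordPolicyExample {

    /** Password-policy condition recognised in an LDAP bind response. */
    public enum PolicyResult { EXPIRED, MUST_CHANGE, LOCKED }

    /** Buggy shape: configuration and per-user state share one field on a singleton bean. */
    public static class BuggyPolicyChecker {
        private int validDays;                        // configured default, e.g. set by Spring

        public void setValidDays(int validDays) { this.validDays = validDays; }

        public int daysUntilExpiry(Integer userMaxAgeDays, int passwordAgeDays) {
            if (userMaxAgeDays != null) {
                this.validDays = userMaxAgeDays;      // BUG: every later caller inherits this value
            }
            return this.validDays - passwordAgeDays;
        }
    }

    /** Fixed shape: the configured default is never mutated; the per-user value is a local. */
    public static class PolicyChecker {
        private final int defaultValidDays;
        private final int warningDays;
        private final Map<PolicyResult, Pattern> messagePatterns;

        public PolicyChecker(int defaultValidDays, int warningDays,
                             Map<PolicyResult, Pattern> messagePatterns) {
            this.defaultValidDays = defaultValidDays;
            this.warningDays = warningDays;
            this.messagePatterns = new LinkedHashMap<>(messagePatterns); // defensive copy
        }

        public int daysUntilExpiry(Integer userMaxAgeDays, int passwordAgeDays) {
            int validDays = userMaxAgeDays != null ? userMaxAgeDays : defaultValidDays;
            return validDays - passwordAgeDays;
        }

        /** True when the PasswordWarning screen should be shown. */
        public boolean shouldWarn(int daysLeft) {
            return daysLeft >= 0 && daysLeft <= warningDays;
        }

        /**
         * First configured pattern that matches wins. An empty result means no policy
         * condition was recognised; the caller must treat that as an ordinary
         * authentication failure, never as a successful login.
         */
        public Optional<PolicyResult> classify(String ldapMessage) {
            if (ldapMessage == null) return Optional.empty();
            for (Map.Entry<PolicyResult, Pattern> e : messagePatterns.entrySet()) {
                if (e.getValue().matcher(ldapMessage).find()) return Optional.of(e.getKey());
            }
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // User A has a 10-day per-user policy; user B relies on the 90-day configured default.
        BuggyPolicyChecker buggy = new BuggyPolicyChecker();
        buggy.setValidDays(90);
        buggy.daysUntilExpiry(10, 5);                          // user A
        // User B should be measured against 90 days but is now measured against user A's 10.
        System.out.println("buggy, user B: " + buggy.daysUntilExpiry(null, 5));

        // Constructed sample patterns; in a deployment these would be injected from the
        // Spring XML of the overlay so they match whatever directory server is in use.
        Map<PolicyResult, Pattern> patterns = new LinkedHashMap<>();
        patterns.put(PolicyResult.EXPIRED,     Pattern.compile("password expired", Pattern.CASE_INSENSITIVE));
        patterns.put(PolicyResult.MUST_CHANGE, Pattern.compile("must change password", Pattern.CASE_INSENSITIVE));
        patterns.put(PolicyResult.LOCKED,      Pattern.compile("account locked", Pattern.CASE_INSENSITIVE));

        PolicyChecker fixed = new PolicyChecker(90, 14, patterns);
        fixed.daysUntilExpiry(10, 5);                          // user A
        // User B keeps the 90-day default.
        System.out.println("fixed, user B: " + fixed.daysUntilExpiry(null, 5));
        System.out.println("warn user B at 80 days old? " + fixed.shouldWarn(fixed.daysUntilExpiry(null, 80)));
        // Constructed sample messages, not real server output.
        System.out.println(fixed.classify("LDAP: error code 49 - Password Expired"));
        System.out.println(fixed.classify("LDAP: error code 49 - Invalid Credentials"));
    }
}
```

The fix for the validDays bug is structural rather than a one-line patch: anything Spring wires once into a singleton must be treated as read-only for the life of the bean, and any per-request value (the user's own maximum password age, the parsed LDAP message) has to live in a local or a per-request object. Keeping the patterns in an injected map is what lets a non-AD deployment, like Felix's, swap the message text without changing the class.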
