Re: [cas-user] Cas not using ppolicy response control.

Mon, 06 Jan 2014 22:46:47 -0800 

Hi,
Would like to know if anyone happened to have clue about this?



Thanks,
Ray.

----- Reply message -----
From: "ray" <id...@cellebrite.com>
To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
Subject: [cas-user] Cas not using ppolicy response control.
Date: Mon, Jan 6, 2014 09:35

Hi,
I use ppolicy overlay and enabled ppolicy_use_lockout to separate between 
invalid password and locked accounts on openldap.

database    bdb
suffix      "dc=openiam,dc=com"
rootdn      "cn=Manager,dc=openiam,dc=com"
rootpw      "{SSHA}2ttRoo/t5HuMT2nPxtI6goVUML5R2H9h"
# PPolicy Configuration
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=openiam,dc=com"
ppolicy_use_lockout
ppolicy_hash_cleartext
I tried to lock a user account by entering a wrong password couple of times 
(pwdMaxFailure)

The user is being locked but when I try to login again I still get the same 
error:

Invalid credentials (49)

the slapo-ppolicy(5) main page states quite clearly that ppolicy_use_lockout 
only affects the ppolicy response control. CAS must Bind using the ppolicy 
request control in order to generate this result code.
Is cas binding this way?

thanks.
--
You are currently subscribed to cas-user@lists.jasig.org as: 
id...@cellebrite.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
This e-mail and the information it contains may be privileged and/or 
confidential. It is intended solely for the use of the named recipient(s). If 
you are not the intended recipient you may not disclose, copy, distribute or 
retain any part of this message or attachments. If you have received this 
e-mail in error please notify the sender immediately [by clicking 'Reply'] and 
delete this e-mail.
This e-mail and the information it contains may be privileged and/or 
confidential. It is intended solely for the use of the named recipient(s). If 
you are not the intended recipient you may not disclose, copy, distribute or 
retain any part of this message or attachments. If you have received this 
e-mail in error please notify the sender immediately [by clicking 'Reply'] and 
delete this e-mail.

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to