Hi, Would like to know if anyone happened to have clue about this?
Thanks, Ray. ----- Reply message ----- From: "ray" <id...@cellebrite.com> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org> Subject: [cas-user] Cas not using ppolicy response control. Date: Mon, Jan 6, 2014 09:35 Hi, I use ppolicy overlay and enabled ppolicy_use_lockout to separate between invalid password and locked accounts on openldap. database bdb suffix "dc=openiam,dc=com" rootdn "cn=Manager,dc=openiam,dc=com" rootpw "{SSHA}2ttRoo/t5HuMT2nPxtI6goVUML5R2H9h" # PPolicy Configuration overlay ppolicy ppolicy_default "cn=default,ou=policies,dc=openiam,dc=com" ppolicy_use_lockout ppolicy_hash_cleartext I tried to lock a user account by entering a wrong password couple of times (pwdMaxFailure) The user is being locked but when I try to login again I still get the same error: Invalid credentials (49) the slapo-ppolicy(5) main page states quite clearly that ppolicy_use_lockout only affects the ppolicy response control. CAS must Bind using the ppolicy request control in order to generate this result code. Is cas binding this way? thanks. -- You are currently subscribed to cas-user@lists.jasig.org as: id...@cellebrite.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user This e-mail and the information it contains may be privileged and/or confidential. It is intended solely for the use of the named recipient(s). If you are not the intended recipient you may not disclose, copy, distribute or retain any part of this message or attachments. If you have received this e-mail in error please notify the sender immediately [by clicking 'Reply'] and delete this e-mail. This e-mail and the information it contains may be privileged and/or confidential. It is intended solely for the use of the named recipient(s). If you are not the intended recipient you may not disclose, copy, distribute or retain any part of this message or attachments. If you have received this e-mail in error please notify the sender immediately [by clicking 'Reply'] and delete this e-mail. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user