I looked over the LPPE implementation and didn't see anything specific to ppolicy. So I wouldn't say it's a bug, it's just not there yet. Marvin and I will set aside some time this week to document the configuration and will supply any necessary patches to 4.0-RC3 to support ppolicy. You shouldn't need to do any coding to use this feature.
--Daniel Fisher

On Mon, Jan 13, 2014 at 6:30 AM, Idan Fridman <id...@cellebrite.com> wrote:
> Hi,
>
> Sorry for bugging on this one.
>
> But if no one is answering, I assume there is a bug?
>
> Thanks.
>
> ----- Reply message -----
> From: "ray" <id...@cellebrite.com>
> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
> Subject: [cas-user] Cas not using ppolicy response control.
> Date: Mon, Jan 6, 2014 09:35
>
> Hi,
> I use the ppolicy overlay and enabled ppolicy_use_lockout to separate between
> invalid password and locked accounts on openldap.
>
> database bdb
> suffix "dc=openiam,dc=com"
> rootdn "cn=Manager,dc=openiam,dc=com"
> rootpw "{SSHA}2ttRoo/t5HuMT2nPxtI6goVUML5R2H9h"
> # PPolicy Configuration
> overlay ppolicy
> ppolicy_default "cn=default,ou=policies,dc=openiam,dc=com"
> ppolicy_use_lockout
> ppolicy_hash_cleartext
>
> I tried to lock a user account by entering a wrong password a couple of times
> (pwdMaxFailure)
>
> The user is being locked but when I try to login again I still get the same
> error:
>
> Invalid credentials (49)
>
> The slapo-ppolicy(5) man page states quite clearly that ppolicy_use_lockout
> only affects the ppolicy response control. CAS must Bind using the ppolicy
> request control in order to generate this result code.
> Is CAS binding this way?
>
> Thanks.
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> id...@cellebrite.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> This e-mail and the information it contains may be privileged and/or
> confidential. It is intended solely for the use of the named recipient(s).
> If you are not the intended recipient you may not disclose, copy, distribute
> or retain any part of this message or attachments. If you have received this
> e-mail in error please notify the sender immediately [by clicking 'Reply']
> and delete this e-mail.