I looked over the LPPE implementation and didn't see anything specific
to ppolicy. So I wouldn't say it's a bug, it's just not there yet.
Marvin and I will set aside some time this week to document the
configuration and will supply any necessary patches to 4.0-RC3 to
support ppolicy. You shouldn't need to do any coding to use this
feature.

--Daniel Fisher

On Mon, Jan 13, 2014 at 6:30 AM, Idan Fridman <id...@cellebrite.com> wrote:
> Hi,
>
> Sorry for bugging on this one.
>
> But if no one is answering, I assume there is a bug?
>
>
>
> Thanks.
>
>
>
> ----- Reply message -----
> From: "ray" <id...@cellebrite.com>
> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
> Subject: [cas-user] Cas not using ppolicy response control.
> Date: Mon, Jan 6, 2014 09:35
>
>
>
> Hi,
> I use the ppolicy overlay and enabled ppolicy_use_lockout to separate between
> invalid password and locked accounts on OpenLDAP.
>
> database    bdb
> suffix      "dc=openiam,dc=com"
> rootdn      "cn=Manager,dc=openiam,dc=com"
> rootpw      "{SSHA}2ttRoo/t5HuMT2nPxtI6goVUML5R2H9h"
> # PPolicy Configuration
> overlay ppolicy
> ppolicy_default "cn=default,ou=policies,dc=openiam,dc=com"
> ppolicy_use_lockout
> ppolicy_hash_cleartext
>
> I tried to lock a user account by entering a wrong password a couple of times
> (pwdMaxFailure).
>
> The user is being locked but when I try to login again I still get the same
> error:
>
> Invalid credentials (49)
>
> The slapo-ppolicy(5) man page states quite clearly that ppolicy_use_lockout
> only affects the ppolicy response control. CAS must Bind using the ppolicy
> request control in order to generate this result code.
> Is CAS binding this way?
>
> thanks.
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> id...@cellebrite.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> This e-mail and the information it contains may be privileged and/or
> confidential. It is intended solely for the use of the named recipient(s).
> If you are not the intended recipient you may not disclose, copy, distribute
> or retain any part of this message or attachments. If you have received this
> e-mail in error please notify the sender immediately [by clicking 'Reply']
> and delete this e-mail.
