Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.5.0
    • Fix Version/s: 4.0 RC1, 4.0
    • Component/s: LPPE
    • Labels:
      None
    • Environment:
      Tomcat 7.0.29 / Java 1.6.0_34 on debian squeeze 32 bits

      Description

      Before setting my CAS server in production, I've tested LPPE with an account hich have "Password never expires" : access is refused ! From my server log :

      2012-08-24 15:07:57,903 ERROR [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Authentication failed because account password has expired with -831 to expiration date. 
      Verify the value of the pwdlastset attribute and make sure it's not before the current date, which is 2012-08-24T13:07:57.890Z
      :Authentication failed because account password has expired with -831 to expiration date. 
      Verify the value of the pwdlastset attribute and make sure it's not before the current date, which is 2012-08-24T13:07:57.890Z
      

      Actually an attribute can be compared to 2^63-1 but according to this technet article 1, we only need to fetch userAccessControl AD attribute and check if the never expire bit is set (2^16).

      1 http://technet.microsoft.com/en-us/library/ee198831.aspx

        Attachments

          Activity

            People

            • Assignee:
              mmoayyed Misagh Moayyed
              Reporter:
              pmarasse Philippe Marasse
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: