LPPE: Incorrect handling of "password never expires" active directory flag

Description

Before setting my CAS server in production, I've tested LPPE with an account hich have "Password never expires" : access is refused ! From my server log :

Actually an attribute can be compared to 2^63-1 but according to this technet article [1], we only need to fetch userAccessControl AD attribute and check if the never expire bit is set (2^16).

[1] http://technet.microsoft.com/en-us/library/ee198831.aspx

Environment

Tomcat 7.0.29 / Java 1.6.0_34 on debian squeeze 32 bits

Assignee

Misagh Moayyed

Reporter

Philippe Marasse

Labels

None

Estimated End Date

None

Components

Fix versions

Affects versions

Priority

Minor
Configure