LPPE: pwdReset attribute not preventing login/directing user to change password

Description

When pwdReset=TRUE (after an admin password reset), the LDAP bind actually succeeds, so CAS thinks the user is logged in, but other LDAP operations are not allowed until the user changes the password.

I would expect CAS to catch this under the LdapErrorDefinition for p:type="mustChangePassword"; however, if no error is generated, there is no way to catch it.

Other LPPE features work when configured with the correct code/error strings for my LDAP implementation. I got the right errors generated for the accountDisabled, accountLocked and passwordExpired paths.

Environment

LDAP = Sun Java Directory Server

Assignee

Misagh Moayyed

Reporter

Bill Schneider

Labels

None

Estimated End Date

None

Audience

None

Affects versions

3.5.0

Priority

Major