...

Support for Non-Expiring ActiveDirectory Accounts

TODO: The current version of LPPE in CAS 3.5.x contains a bug in calculating the expiration date for AD accounts that are flagged to never expire. The correct approach would be to look up the bitwise value in the userAccountControl attribute of the AD container to detect account state. This fix can be accommodated through support for retrieval of custom attributes as described above.

The bitwise flags are defined as follows:

    // Nested enum: each constant is one bit of the userAccountControl attribute.
    private enum ActiveDirectoryUserAccountControlFlags {
        UAC_FLAG_ACCOUNT_DISABLED(2),
        UAC_FLAG_LOCKOUT(16),
        UAC_FLAG_PASSWD_NOTREQD(32),
        UAC_FLAG_DONT_EXPIRE_PASSWD(65536),
        UAC_FLAG_PASSWORD_EXPIRED(8388608);

        // Bit mask for this flag; set once in the constructor.
        private final int value;

        ActiveDirectoryUserAccountControlFlags(final int id) {
            this.value = id;
        }

        public final int getValue() {
            return this.value;
        }
    }
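
The flag test described above, as an added example that is not part of CAS or LPPE: it decodes the userAccountControl value returned by LDAP as a decimal string and reports whether the expiration calculation should be skipped. The class name `UacFlagCheck`, the helper names, the sample values and the choice to treat a missing or malformed attribute as "no flags set" are assumptions made for illustration.

```java
import java.util.EnumSet;
import java.util.Set;

public class UacFlagCheck {
    // Flag values copied from the enum on this page; names shortened for the example.
    enum UacFlag {
        ACCOUNT_DISABLED(2), LOCKOUT(16), PASSWD_NOTREQD(32),
        DONT_EXPIRE_PASSWD(65536), PASSWORD_EXPIRED(8388608);

        final int value;
        UacFlag(final int value) { this.value = value; }
    }

    /** Decodes the raw LDAP attribute value (a decimal string) into the flags it carries. */
    static Set<UacFlag> decode(final String rawUac) {
        final Set<UacFlag> flags = EnumSet.noneOf(UacFlag.class);
        if (rawUac == null || rawUac.trim().isEmpty()) {
            return flags; // attribute not returned by the directory: no flags known
        }
        final long bits;
        try {
            bits = Long.parseLong(rawUac.trim());
        } catch (final NumberFormatException e) {
            return flags; // malformed value: fall back to the normal expiration calculation
        }
        for (final UacFlag f : UacFlag.values()) {
            if ((bits & f.value) == f.value) { // bitwise AND isolates this flag's bit
                flags.add(f);
            }
        }
        return flags;
    }

    /** True when the password expiration date should not be calculated for this account. */
    static boolean passwordNeverExpires(final String rawUac) {
        return decode(rawUac).contains(UacFlag.DONT_EXPIRE_PASSWD);
    }

    public static void main(final String[] args) {
        // Constructed sample values: 512 = normal account, 66048 = 512 + 65536, 514 = 512 + 2.
        for (final String raw : new String[] {"512", "66048", "514", null, "n/a"}) {
            System.out.println(raw + " -> " + decode(raw)
                    + " neverExpires=" + passwordNeverExpires(raw));
        }
    }
}
```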

 

Reduce Ldap Query Overhead

...

Internalization of Ldap Error Codes Pre-Authentication

TODO 

Support for Account Examiners Post-Authentication

...