On 21/08/2012 18:29, Misagh Moayyed wrote:
> - 2 messages are missing from all messages_xx.properties :
> screen.accountlocked.heading & screen.accountlocked.message
>
> Please see https://issues.jasig.org/browse/CAS-1126
Oops, I searched in the list but not in JIRA, sorry :-)
>
> - I always get "WARN"
> [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer]
>
> I do agree that the error message you receive is confusing and in fact
> incorrect. (There is no 'enabled' property). The issue you describe though
> has to do with the fact that the userid cannot be located in the ldap
> instance. My initial suspicion is that your context source may be different
> for the LPPE bean than what it is for the authN bean.
The exception raised is a java.lang.NullPointerException at
javax.naming.directory.BasicAttributes.get(BasicAttributes.java:144), indicating that the
user has not been found although my context source is my searchContextSource also used by
the AuthN bean (the AuthN bean also uses another context source).
This morning, I've uncommented these two lines from bean ldapPasswordPolicyEnforcer :
<property name="warningDaysAttribute" value="${ldap.authentication.lppe.warningDaysAttribute}" />
<property name="validDaysAttribute" value="${ldap.authentication.lppe.validDaysAttribute}" />
And now it seems to work?? Very odd, I have to query non-existent attributes to get it working.
With these 2 lines commented, I get :
DEBUG [org.jasig.cas.web.flow.PasswordPolicyEnforcementAction] - Checking account status
for password...
DEBUG [org.jasig.cas.web.flow.PasswordPolicyEnforcementAction] - Retrieving number of days
to password expiration date for user testpm
DEBUG [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Starting search with
searchFilter: (sAMAccountName=testpm)
DEBUG [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Returning attributes
pwdlastset:
ERROR [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] -
java.lang.NullPointerException
...
WARN [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - No entry was found for
user testpm. Verify your LPPE settings. If you are not using LPPE, set the 'enabled'
property to false. Password policy enforcement is currently turned on but not configured.
DEBUG [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Skipping all password
policy checks...
...
And when they're uncommented, I get :
DEBUG [org.jasig.cas.web.flow.PasswordPolicyEnforcementAction] - Checking account status
for password...
DEBUG [org.jasig.cas.web.flow.PasswordPolicyEnforcementAction] - Retrieving number of days
to password expiration date for user testpm
DEBUG [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Starting search with
searchFilter: (sAMAccountName=testpm)
DEBUG [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Returning attributes
pwdlastset:passwordwarningdays:maxPwdAge:
DEBUG [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - No warning days value is
found for testpm. Using system default of 30
DEBUG [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - No maximum password valid
days found for testpm. Using system default of 90 days
INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Recalculated AD pwdlastset
attribute to 2012-08-21T13:14:19.000Z
DEBUG [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Retrieved date value
2012-08-21T13:14:19.000Z for date attribute pwdlastset and added 90 days. The final
expiration date is 2012-11-19T13:14:19.000Z
DEBUG [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Calculating number of
days left to the expiration date for user testpm
INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Current date is
2012-08-22T07:17:12.621Z
INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Expiration date is
2012-11-19T13:14:19.000Z
INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Warning period begins on
2012-10-20T13:14:19.000Z
INFO [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - Password is not expiring.
89 days left to the warning
DEBUG [org.jasig.cas.web.flow.PasswordPolicyEnforcementAction] - Password for testpm is
not expiring
DEBUG [org.jasig.cas.web.flow.PasswordPolicyEnforcementAction] - Switching to flow event
id success for user testpm
So it's the expected behavior :-)
Regards.
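
Added example, not part of the original message and not CAS code: a null-safe attribute read that falls back to the 30/90-day defaults seen in the log, followed by the same expiration arithmetic. It assumes that a commented-out property reaches the lookup as a null attribute name; the class name, helper names and the constructed pwdLastSet value are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;

public class LppeExpirationExample {
    // Seconds between 1601-01-01 (AD FILETIME epoch) and 1970-01-01 (Unix epoch).
    static final long FILETIME_EPOCH_OFFSET_SECONDS = 11_644_473_600L;

    // Read a day count from the entry, using the fallback when the attribute
    // name is not configured, the attribute is absent, or it has no value.
    static long readDays(Attributes entry, String attrName, long fallback)
            throws NamingException {
        if (attrName == null) {
            // BasicAttributes.get(null) throws NullPointerException.
            return fallback;
        }
        Attribute attr = entry.get(attrName);
        if (attr == null || attr.size() == 0) {
            return fallback;
        }
        return Long.parseLong(attr.get().toString());
    }

    // AD stores pwdLastSet as 100-nanosecond ticks since 1601-01-01T00:00:00Z.
    static Instant fromFileTime(long ticks) {
        return Instant.ofEpochSecond(ticks / 10_000_000L - FILETIME_EPOCH_OFFSET_SECONDS);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed entry: only pwdLastSet is present, as for user testpm.
        Attributes entry = new BasicAttributes(true);
        entry.put("pwdLastSet", "129900284590000000"); // 2012-08-21T13:14:19Z

        String validDaysAttribute = null;   // assumption: property left unset
        String warningDaysAttribute = null; // assumption: property left unset
        long validDays = readDays(entry, validDaysAttribute, 90);
        long warningDays = readDays(entry, warningDaysAttribute, 30);

        Instant lastSet = fromFileTime(
                Long.parseLong(entry.get("pwdLastSet").get().toString()));
        Instant expires = lastSet.plus(Duration.ofDays(validDays));
        Instant warnFrom = expires.minus(Duration.ofDays(warningDays));
        Instant now = Instant.parse("2012-08-22T07:17:12.621Z"); // "Current date" from the log

        System.out.println("expiration date: " + expires);
        System.out.println("warning begins:  " + warnFrom);
        System.out.println("whole days left: " + Duration.between(now, expires).toDays());
    }
}
```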