[cas-user] ldaptive password policy request

3 views
Skip to first unread message

Pablo Vidaurri

unread,
Jan 7, 2022, 11:29:46 PM1/7/22
to CAS Community
Im getting the following error when authenticating a user against LDAP:

[org.ldaptive.auth.Authenticator]
authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resultCode=INSUFFICIENT_ACCESS_RIGHTS, matchedDN=, diagnosticMessage=The request control with Object Identifier (OID) "1.3.6.1.4.1.42.2.27.8.5.1" cannot be used due to insufficient access rights, referralURLs=[], messageID=3, controls=[]] 

Is there any way to stop ldaptive from requesting this OID attribute from ldap? I've already tried including 
cas-server-core-api-configuration-model dependency 
and setting 
cas.authn.ldap[0].passwordPolicy.enabled:   false


I don't wish to check for password policy and I don't want to involve another team to make changes to ldap.

-psv

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e6d72761-69e4-430e-b887-f77b121d053cn%40apereo.org.

Pablo Vidaurri

unread,
Jan 8, 2022, 5:16:03 PM1/8/22
to CAS Community, Pablo Vidaurri
I had to modify cas LdapUtils to work around it. I've also put in a request to add a property to avoid the custom code change.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/200fc665-f26a-46ff-b560-293d35c99d75n%40apereo.org.
Reply all
Reply to author
Forward
0 new messages