How to set maxPasswordAge in ActiveDirectoryAuthenticationResponseHandler?

29 views

Skip to first unread message

Laurent Meunier

unread,

Aug 30, 2017, 12:03:56 PM8/30/17

to ldaptive

Hi,

I'm using CAS 4.2.6, that ships with ldaptive 1.1.0, and I would like to display a warning message for users with password expiring in the next few days.

From what I've seen in the ActiveDirectoryAuthenticationResponseHandler class, the account state is added in the response only if maxPasswordAge is set. But I don't know how to set maxPasswordAge. I've tried to add 'maxPasswordAge="10"' and 'passwordAge="10"' in the bean '<ldaptive:ad-authenticator id="authenticator">', but I got an error indicating that this attribut is not allowed.

https://github.com/vt-middleware/ldaptive/blob/v1.1.0/core/src/main/java/org/ldaptive/auth/ext/ActiveDirectoryAuthenticationResponseHandler.java

Is there a way to set a value for maxPasswordAge?

Best regards,

Laurent

Daniel Fisher

unread,

Aug 31, 2017, 8:33:44 AM8/31/17

to ldap...@googlegroups.com

Unfortunately that version of ldaptive does not expose authentication response handlers in the schema.

You'll have to use the spring beans schema to create an ActiveDirectoryAuthenticationResponseHandler and pass the maxPasswordAge as an argument to the constructor.

Note that you must be able to read the 'pwdLastSet' attribute as part of entry resolution.

--Daniel Fisher

--
You received this message because you are subscribed to the Google Groups "ldaptive" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ldaptive+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward

0 new messages