New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add FreeIPA support #57

Merged
merged 1 commit into from Nov 17, 2015

Conversation

Projects
None yet
2 participants
@tduehr
Copy link
Contributor

tduehr commented Nov 13, 2015

Adds support for FreeIPA.

dfish3r added a commit that referenced this pull request Nov 17, 2015

@dfish3r dfish3r merged commit b5a076b into vt-middleware:master Nov 17, 2015

final LdapEntry entry = response.getLdapEntry();
final LdapAttribute expTime = entry.getAttribute("krbPasswordExpiration");
logger.info("krbPasswordExpiration: {}", expTime);
final LdapAttribute loginRemaining = entry.getAttribute("loginGraceRemaining");

This comment has been minimized.

@dfish3r

dfish3r Nov 18, 2015

Member

I can't find any documentation indicating that FreeIPA uses the loginGraceRemaining attribute. Was this a copy paste vestige?

This comment has been minimized.

@tduehr

tduehr Nov 19, 2015

Contributor

Yes, sort of. I started with EDirectory and the beginnings of a Kerberos/LDAP AccountState based on the LDAP password management standard. I'll take a look through the code and send another PR to correct these.

This comment has been minimized.

@dfish3r

dfish3r Nov 19, 2015

Member

Ok. Make sure you review latest rev on master. Thanks.

This comment has been minimized.

@tduehr

tduehr Nov 20, 2015

Contributor

Seems you guys already took care of this. Thanks.

This comment has been minimized.

@dfish3r

dfish3r Nov 20, 2015

Member

Can you confirm the code in master is working correctly for your FreeIPA instance. We can't test against FreeIPA. Thanks.

This comment has been minimized.

@tduehr

tduehr Nov 20, 2015

Contributor

I have these files in my CAS 4.1 maven overlay and can confirm they work.

private int maxPasswordAge = -1;

/** Maximum password age. */
private int maxLoginFailures = -1;

This comment has been minimized.

@dfish3r

dfish3r Nov 18, 2015

Member

There's no way to set this variable. Looks like the variable is needed, I assume this is an oversight.

This comment has been minimized.

@tduehr

tduehr Nov 19, 2015

Contributor

Correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment