RE: Central Identity Service (CIS)

We have done some work around this particular topic.
We currently check some particular exceptions returned by LDAP and AD when
password is expired (in fact for AD we also check some other particular
exceptions : account disabled, locked, ect...).
Those features used a custom ldap/ad handler that first check that the user
exists using a service account, then use the user credentials to bind and
search (an expired account can bind but not search).
In this field we are also investigating a new issue concerning automatic
pooling/fail over of Ldap connections : when one of the ldap is down we may
not catch the right exception.
Let us know if those features are of any interest for the community, we
would be proud to publish them.
Best Regards
MAG 


> -----Original Message-----
> From: cas-bounces-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx 
> [mailto:cas-bounces-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx] On
> Behalf Of Velpi
> Sent: vendredi 22 décembre 2006 12:22
> To: Yale CAS mailing list
> Cc: Vlad.Gleiberman-QpJed0S9OxOHXe+LvDLADg@xxxxxxxxxxxxxxxx
> Subject: Re: Central Identity Service (CIS)
> 
> >     Detect password expired condition and initiate change password
> > functionality
> 
> I'm working on this (too) at the moment (integrated into CAS). How far
> are you on this topic? I'm eager to cooperate.
> 
> -- Velpi
> _______________________________________________
> Yale CAS mailing list
> cas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx
> http://tp.its.yale.edu/mailman/listinfo/cas