LDAP Error Code Messaging
Daniel Fisher
dfisher at vt.edu
Mon Nov 5 23:25:25 EST 2018
On Mon, Nov 5, 2018 at 4:26 PM Lille M <lillemacdoe at gmail.com> wrote:
> org.ldaptive.LdapException: javax.naming.OperationNotSupportedException:
> [LDAP: error code 53 - Account inactivated. Contact system administrator.]
>     at net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP.doExecute(ValidateUsernamePasswordAgainstLDAP.java:187)
>
You need to configure a response handler to produce an account state.
Ldaptive doesn't ship with one specific to 389 directory server, but it
does have one for FreeIPA which I believe is based on 389.
Add to ldap-authn-config.xml:
<bean id="authenticationResponseHandler"
      class="org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler">
  <constructor-arg value="0" />
  <constructor-arg value="0" />
  <constructor-arg value="0" />
</bean>
(I left the constructor args at zero assuming you're not interested in
configuring account states for successful authentication.)
If the response handler works you should be able to match on
ACCOUNT_DISABLED.
--Daniel Fisher
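
Added example, not part of the original message and not ldaptive or Shibboleth code: a minimal sketch of what a response handler does with the quoted error, turning the result code and diagnostic message into a named account state and falling back to a generic failure when nothing matches. The function names, the rule table and every state name other than ACCOUNT_DISABLED are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# JNDI renders a failed bind as "[LDAP: error code <n> - <diagnostic message>]".
JNDI_LDAP_ERROR = re.compile(
    r"\[LDAP: error code (?P<code>\d+)(?: - (?P<msg>.*?))?\]", re.S
)


class LdapError(NamedTuple):
    code: int
    message: str


# Constructed rule table (an assumption, not ldaptive's own mapping):
# (result code, lower-case substring of the diagnostic message, state name).
RULES = [
    (53, "account inactivated", "ACCOUNT_DISABLED"),
    (53, "password expired", "PASSWORD_EXPIRED"),
    (49, "", "FAILED_AUTHENTICATION"),
]


def parse_ldap_error(text: str) -> Optional[LdapError]:
    """Extract the result code and diagnostic message from an exception string."""
    m = JNDI_LDAP_ERROR.search(text)
    if m is None:
        return None
    return LdapError(int(m.group("code")), (m.group("msg") or "").strip())


def account_state(text: str) -> str:
    """Return a state name, or UNCLASSIFIED so the caller shows a generic failure."""
    err = parse_ldap_error(text)
    if err is None:
        return "UNCLASSIFIED"
    for code, needle, state in RULES:
        if err.code == code and needle in err.message.lower():
            return state
    return "UNCLASSIFIED"


# The exception text quoted in the thread, followed by constructed samples.
SAMPLES = [
    "org.ldaptive.LdapException: javax.naming.OperationNotSupportedException: "
    "[LDAP: error code 53 - Account inactivated. Contact system administrator.]",
    "[LDAP: error code 49 - Invalid Credentials]",
    "[LDAP: error code 53 - Server is busy]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(account_state(sample), "<-", parse_ldap_error(sample))
```

Result code 53 (unwillingToPerform) is shared by several unrelated conditions, which is why the sketch matches on the diagnostic text as well as the code and leaves unmatched messages unclassified.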