Open shenhf opened 10 years ago
It depends on what exactly are you asking for.
If you are asking about authenticators, if they can deal with additional conditions then it is up to that particular authenticator.
For example in ldap authenticator you have that possibility to define filter like: filter: (active=yes)
which will check additional if the field active is set to yes.
If you are asking about sending proper error message (no matter what authenticator you will use) to the user that the credential are good but your account is not active then no, CAS do not have support for that.
Finally I hacked casserver/lib/casserver/authenticators/sql_bcrypt.rb, hard coded matching_users method. It stopped inactive user login, as you said, not sending proper error message.
Is there any solution to deal with inactive accounts at casserver side?