Check logs in AD.

Ray

On Sat, 2018-02-10 at 21:57 -0800, M. Reza Ganji wrote:
I have CAS installed and Password Management configured with LDAP. The user 
whom request a reset password link receives the email with the link signed by 
CAS. Then ther are two questions and answers which gets verified correctly and 
user gets redirected to the next page where the new password has to be entered.
However, when user enter the new password and click on Submit an error notify 
the user that password cannot be changed. I have checked the log and there is 
NO error/warning/info in catalina related to PM.

My CAS Config:

  *   The user that is BIND to AD from CAS is Domain Admin.
  *   I have a load balancer that two CAS instances are behind it.
  *   There are two Memcached instances with a load balancer and sync between 
these two in place.
  *   Two AD configured for authentication and both on LDAP port 389
  *   Service Registry, Audit and Log are on JDBC


error message:

Could not update the account password




Debug Log (only available log after click on submit button):


2018-02-11 05:54:43,657 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [SessionThemeResolver]>
2018-02-11 05:54:43,658 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [RequestHeaderThemeResolver]>
2018-02-11 05:54:43,658 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [ServiceThemeResolver]>
2018-02-11 05:54:43,658 DEBUG 
[org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in 
the request context. Falling back to the default theme [cas-theme-default]>
2018-02-11 05:54:43,659 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [FixedThemeResolver]>
2018-02-11 05:54:43,659 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could 
be found. Using default theme [cas-theme-default}>
2018-02-11 05:54:43,698 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [CookieThemeResolver]>
2018-02-11 05:54:43,699 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [SessionThemeResolver]>
2018-02-11 05:54:43,699 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [RequestHeaderThemeResolver]>
2018-02-11 05:54:43,700 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [ServiceThemeResolver]>
2018-02-11 05:54:43,702 DEBUG 
[org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in 
the request context. Falling back to the default theme [cas-theme-default]>
2018-02-11 05:54:43,702 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [FixedThemeResolver]>
2018-02-11 05:54:43,703 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could 
be found. Using default theme [cas-theme-default}>
2018-02-11 05:54:43,720 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [CookieThemeResolver]>
2018-02-11 05:54:43,723 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [SessionThemeResolver]>
2018-02-11 05:54:43,723 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [RequestHeaderThemeResolver]>
2018-02-11 05:54:43,723 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [ServiceThemeResolver]>
2018-02-11 05:54:43,724 DEBUG 
[org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in 
the request context. Falling back to the default theme [cas-theme-default]>
2018-02-11 05:54:43,724 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve 
theme via [FixedThemeResolver]>
2018-02-11 05:54:43,725 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could 
be found. Using default theme [cas-theme-default}>






I have a few thoughts that may have caused it.

  1.  I have configured Active Directory to allow change password over LDAP ( 
https://stackoverflow.com/questions/16861664/how-to-disable-password-operations-over-ldaps-only-policy-in-active-directory
 ). Could this cause the error and interrupt the reset password process?
  2.  I do not have the Password Policy configured on AD. However, I am 
applying the password policy in CAS properties. Could that cause the issue?
  3.  Is there any setting on AD that stops the password being reset through 
CAS?


--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1518541985.1763.6.camel%40uvic.ca.

Reply via email to