I need to check user password and member of specific group:

I have CAS 5.2.* 

My config file:

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://example.com
cas.authn.ldap[0].useSsl=false

cas.authn.ldap[0].bindDn=cn=portal_manager,ou=System 
Accounts,dc=example,dc=com
cas.authn.ldap[0].bindCredential=***********
cas.authn.ldap[0].baseDn=DC=example,DC=com
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].userFilter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=SpecificGroupName,OU=Groups,OU=Company,DC=example,DC=com))

cas.authn.ldap[0].usePasswordPolicy=false

cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].principalAttributePassword=
cas.authn.ldap[0].principalAttributeList=displayName,commonName,email,memberOf
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true

When I create auth request then CAS response error:

2018-03-13 17:34:38,515 DEBUG [org.ldaptive.SearchOperation] - <execute 
request=[org.ldaptive.SearchRequest@-384810870::baseDn=DC=hq,DC=bc, 
searchFilter=[org.ldaptive.SearchFilter@-1831897358::filter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=ManagersPortal,OU=Groups,OU=БАНК,DC=hq,DC=bc)),
 
parameters={context=null, user=braliyev_30424}], returnAttributes=[1.1], 
searchScope=SUBTREE, timeLimit=PT0S, sizeLimit=0, derefAliases=null, 
typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, 
searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, 
referralHandler=null, intermediateResponseHandlers=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1004112938::config=[org.ldaptive.ConnectionConfig@1791270211::ldapUrl=ldap://hq.bc,
 
connectTimeout=PT5S, responseTimeout=PT5S, 
sslConfig=[org.ldaptive.ssl.SslConfig@887019403::credentialConfig=null, 
trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, 
connectionInitializer=[org.ldaptive.BindConnectionInitializer@727124254::bindDn=cn=kaspi_portal,ou=System
 
Accounts,dc=hq,dc=bc, bindSaslConfig=null, bindControls=null], 
connectionStrategy=org.ldaptive.DefaultConnectionStrategy@1e7a75fd], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2104222132::metadata=[ldapUrl=ldap://hq.bc,
 
count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, 
java.naming.ldap.version=3, 
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@334577122::operationExceptionResultCodes=[PROTOCOL_ERROR,
 
SERVER_DOWN], properties={}, 
controlProcessor=org.ldaptive.provider.ControlProcessor@29c0c417, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, 
hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@6368ec02]>
2018-03-13 17:34:38,521 DEBUG [org.ldaptive.SearchOperation] - <execute 
response=[org.ldaptive.Response@626954816::result=[org.ldaptive.SearchResult@-1662255094::entries=[],
 
references=[[org.ldaptive.SearchReference@74822743::referralUrls=[ldap://DomainDnsZones.hq.bc/DC=DomainDnsZones,DC=hq,DC=bc],
 
responseControls=null, messageId=-1, referenceResponse=null], 
[org.ldaptive.SearchReference@-526386759::referralUrls=[ldap://hq.bc/CN=Configuration,DC=hq,DC=bc],
 
responseControls=null, messageId=-1, referenceResponse=null], 
[org.ldaptive.SearchReference@-1214994231::referralUrls=[ldap://ForestDnsZones.hq.bc/DC=ForestDnsZones,DC=hq,DC=bc],
 
responseControls=null, messageId=-1, referenceResponse=null]]], 
resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, 
referralURLs=null, messageId=-1] for 
request=[org.ldaptive.SearchRequest@-384810870::baseDn=DC=hq,DC=bc, 
searchFilter=[org.ldaptive.SearchFilter@-1831897358::filter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=ManagersPortal,OU=Groups,OU=БАНК,DC=hq,DC=bc)),
 
parameters={context=null, user=braliyev_30424}], returnAttributes=[1.1], 
searchScope=SUBTREE, timeLimit=PT0S, sizeLimit=0, derefAliases=null, 
typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, 
searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, 
referralHandler=null, intermediateResponseHandlers=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1004112938::config=[org.ldaptive.ConnectionConfig@1791270211::ldapUrl=ldap://hq.bc,
 
connectTimeout=PT5S, responseTimeout=PT5S, 
sslConfig=[org.ldaptive.ssl.SslConfig@887019403::credentialConfig=null, 
trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, 
connectionInitializer=[org.ldaptive.BindConnectionInitializer@727124254::bindDn=cn=kaspi_portal,ou=System
 
Accounts,dc=hq,dc=bc, bindSaslConfig=null, bindControls=null], 
connectionStrategy=org.ldaptive.DefaultConnectionStrategy@1e7a75fd], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2104222132::metadata=[ldapUrl=ldap://hq.bc,
 
count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, 
java.naming.ldap.version=3, 
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@334577122::operationExceptionResultCodes=[PROTOCOL_ERROR,
 
SERVER_DOWN], properties={}, 
controlProcessor=org.ldaptive.provider.ControlProcessor@29c0c417, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, 
hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@6368ec02]>

2018-03-13 17:34:38,526 INFO [org.ldaptive.auth.PooledSearchDnResolver] - 
<search for 
user=[org.ldaptive.auth.User@1756715488::identifier=braliyev_30424, 
context=null] failed using 
filter=[org.ldaptive.SearchFilter@-1831897358::filter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=ManagersPortal,OU=Groups,OU=БАНК,DC=hq,DC=bc)),
 
parameters={context=null, user=braliyev_30424}]>
2018-03-13 17:34:38,526 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - 
<resolved dn=null for 
user=[org.ldaptive.auth.User@1756715488::identifier=braliyev_30424, 
context=null]>
2018-03-13 17:34:38,526 DEBUG [org.ldaptive.auth.Authenticator] - 
<authenticate dn=null with 
request=[org.ldaptive.auth.AuthenticationRequest@1687550059::user=[org.ldaptive.auth.User@1756715488::identifier=braliyev_30424,
 
context=null], returnAttributes=[commonName, sAMAccountName, displayName, 
memberOf, email], controls=null]>

CAS search request result is empty.



When I change configuration "userFilter" without checking memberOf  - 
cas.authn.ldap[0].userFilter=(&(objectCategory=Person)) authorization works 
corretly.

I checked my search request in LDAPAdmin utility, he works correctly.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5eb434b2-97c7-475b-94a7-a15f85612a5f%40apereo.org.

Reply via email to