I found more log info in our test environment concerning the inability
of CAS to switch to an active AD DC with my configuration.
2020-05-22 09:07:07,607 ERROR
[org.ldaptive.pool.BlockingConnectionPool] - <[
org.ldaptive.pool.BlockingConnectionPool@1704234754::name=null,
poolConfig=[org.ldaptive.pool.PoolConfig@796
4874::minPoolSize=3, maxPoolSize=10, validateOnCheckIn=false,
validateOnCheckOut=true, validatePeriodically=true,
validatePeriod=PT5M, validateTimeout=PT5S], activator=null, passivator=
[org.ldaptive.pool.BindPassivator@697150633::bindRequest=[
org.ldaptive.BindRequest@266593343::bindDn=CN=casldapper,CN=Managed
Service Accounts,DC=ad,DC=wichita,DC=edu, saslConfig=null,
controls=null, referralHandler=null,
intermediateResponseHandlers=null]], validator=[
org.ldaptive.pool.SearchValidator@1322157662::searchRequest=[
org.ldaptive.SearchRequest@1100233085::
baseDn=, searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(ob
jectClass=*), parameters={}], returnAttributes=[1.1],
searchScope=OBJECT, timeLimit=PT0S, sizeLimit=1, derefAliase
s=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED,
searchEntryHandlers=null,
searchReferenceHandlers=[org.ldaptive.referral.SearchReferralHandler$Se
archReferenceHan
dler@2bd6895], controls=null,
referralHandler=org.ldaptive.referral.SearchReferralHandler@6c05228e,
intermediateResponseHandlers=null]]
pruneStrategy=[org.ldaptive.pool.IdlePruneStrateg
y@85268059::prunePeriod=PT2H, idleTime=PT10M], connectOnCreate=true,
connectionFactory=[org.ldaptive.DefaultConnectionFactory@1223536490::pr
ovider=org.ldaptive.provider.unboundid.Unboun
dIDProvider@376345b,
config=[org.ldaptive.ConnectionConfig@1176659945::ldapUrl=ldaps://dcsvc
-300.ad.wichita.edu ldaps://dcsvc-307.ad.wichita.edu
ldaps://latitude.ad.wichita.edu ldaps://
longitude.ad.wichita.edu, connectTimeout=PT3M20S, responseTimeout=PT5S,
sslConfig=[org.ldaptive.ssl.SslConfig@1806177976::credentialConfig=null
, trustManagers=null, hostnameVerifier=org
.ldaptive.ssl.DefaultHostnameVerifier@4e9b6258,
hostnameVerifierConfig=null, enabledCipherSuites=null,
enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true,
useStartTLS
=false, connectionInitializer=[
org.ldaptive.BindConnectionInitializer@2088588092::bindDn=CN=casldapper
,CN=Managed Service Accounts,DC=ad,DC=wichita,DC=edu,
bindSaslConfig=null, bindCont
rols=null],
connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@29b56e75
]], initialized=true, availableCount=0, activeCount=0] unable to
connect to the ldap>
org.ldaptive.LdapException: LDAPException(resultCode=49 (invalid
credentials), diagnosticMessage='80090308: LdapErr: DSID-0C090436,
comment: AcceptSecurityContext error, data 52e, v4563
^@', ldapSDKVersion=4.0.12,
revision=aaefc59e0e6d110bf3a8e8a029adb776f6d2ce28
Please advise.
Thanks,
--
Erik Mallory
Server Analyst
Wichita State University
On Mon, 2020-05-18 at 22:35 -0400, Daniel Fisher wrote:
> On Mon, May 18, 2020 at 12:22 PM 'Mallory, Erik' via CAS Community <
> [email protected]> wrote:
> > Could someone confirm and explain the relationship (if any) of
> > passivators to to the connection strategy configuration options?
>
> Passivators are executed when a connection is returned to the pool.
> The connection strategy defines how multiple URLs should be handled
> when a connection is opened.
>
> What do your logs say when the domain controller is rebooted?
>
> --Daniel Fisher
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google
> Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFC6YwRHAMUZ355LtSpbW28UVuaKaJd%3DhsjNOjz0_Q%3DKFnb9EQ%40mail.gmail.com
> .
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a3e26ead8165561586a5f6a3616a8c89cc236610.camel%40wichita.edu.
