Thanks for the response (I love mailing lists.....)
You are right. I have a problem with the section that authenticates against
the active directory. I have confirmed that the username / password is
valid by logging into the domain server via the ldp tool with the same
username and password that I put into the user and can see that I am
authenticated.
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='istrait'; Pwd= <unavailable>; domain = 'quinault'.}
Authenticated as dn:'istrait'.
Here is the information for that container name in the ldp tool. How would
I write those properties to connect to this username?
(BTW this is a test username on a test system. I had changed that password
in the code but in the copy paste of the process, I managed to leave it in.
It is changed now and thanks for reminding me.....)
Dn: CN=Ian Strait,OU=Quinault Administrators,OU=Quinault School Dist,DC=quinault,DC=local
4> objectClass: top; person; organizationalPerson; user;
1> cn: Ian Strait;
1> sn: Strait;
1> givenName: Ian;
1> distinguishedName: CN=Ian Strait,OU=Quinault Administrators,OU=Quinault School Dist,DC=quinault,DC=local;
1> instanceType: 0x4 = ( IT_WRITE );
1> whenCreated: 08/16/2002 10:00:16 Pacific Standard Time Pacific Daylight Time;
1> whenChanged: 12/17/2009 14:05:33 Pacific Standard Time Pacific Daylight Time;
1> displayName: Ian Strait;
1> uSNCreated: 5917;
3> memberOf: CN=Staff,OU=Quinault Groups,OU=Quinault School Dist,DC=quinault,DC=local; CN=Domain Admins,CN=Users,DC=quinault,DC=local; CN=Administrators,CN=Builtin,DC=quinault,DC=local;
1> uSNChanged: 4724247;
1> name: Ian Strait;
1> objectGUID: f2ca96d5-2db1-4ab8-9f9d-bdafe1bb1416;
1> userAccountControl: 0x200 = ( UF_NORMAL_ACCOUNT );
1> badPwdCount: 0;
1> codePage: 0;
1> countryCode: 0;
1> homeDrive: Z:;
1> badPasswordTime: 12/16/2009 14:53:23 Pacific Standard Time Pacific Daylight Time;
1> lastLogoff: 01/01/1601 00:00:00 UNC ;
1> lastLogon: 12/17/2009 14:15:21 Pacific Standard Time Pacific Daylight Time;
1> logonHours: <ldp: Binary blob>;
1> pwdLastSet: 12/17/2009 14:05:33 Pacific Standard Time Pacific Daylight Time;
1> primaryGroupID: 513;
1> userParameters: m: d
;
1> objectSid: S-1-5-21-606747145-1202660629-1708537768-1317;
1> adminCount: 1;
1> accountExpires: 01/01/1601 00:00:00 UNC ;
1> logonCount: 6334;
1> sAMAccountName: istrait;
1> sAMAccountType: 805306368;
1> userPrincipalName: [email protected];
1> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=quinault,DC=local;
1> mSMQSignCertificates: <ldp: Binary blob>;
1> mSMQDigests: <ldp: Binary blob>;
1> msNPAllowDialin: TRUE;
2> dSCorePropagationData: 08/10/2005 15:42:05 Pacific Standard Time Pacific Daylight Time; 01/01/1601 00:00:05 UNC ;
-----Original Message-----
From: Marvin Addison [mailto:[email protected]]
Sent: Thursday, December 17, 2009 1:58 PM
To: [email protected]
Subject: Re: [cas-user] CAS and Active Directory Error 49
> I have 2 files for you. First is the log with the error (Looks like I am
> getting a non-existent user error)
I don't think so. LDAP error 49 (0x31) is typically caused by
authentication failure, e.g. bad password (see
http://support.microsoft.com/kb/218185). It looks like it's happening
at application startup when the Spring application context is being
initialized. I would expect that sort of failure to happen if the
credentials used to perform the initial LDAP bind are bad, e.g.:
<property name="userDn" value="{CN=Ian Strait,OU=Quinault Administrators,OU=Quinault School Dist,DC=quinault,DC=local}"/>
<property name="password" value="{xxxxxxxx}"/>
Are you sure those are correct? You might use the ldp tool,
http://technet.microsoft.com/en-us/library/cc772839%28WS.10%29.aspx,
to verify.
Also, looks like that may be your real password. If so you should
change it immediately.
M
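The thread above turns on whether LDAP error 49 means a nonexistent user or a bad password. As an added example (not part of either message and not CAS code), this sketch reads the `data` sub-code that Active Directory includes in the error 49 diagnostic text, which separates the two cases. It assumes the message format a JNDI `AuthenticationException` normally carries; the sample log lines are constructed, not taken from the poster's log.

```python
import re

# Sub-codes Active Directory reports in the "data" field of an LDAP
# error 49 diagnostic message; they are hexadecimal Win32 error codes.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (bad password)",
    0x530: "not permitted to log on at this time",
    0x531: "not permitted to log on from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

# Assumed format: the diagnostic text inside a JNDI AuthenticationException.
_ERR49 = re.compile(
    r"error code 49\b.*?AcceptSecurityContext error, data ([0-9a-fA-F]+)"
)


def classify_bind_failure(log_line):
    """Return (subcode, meaning) for an AD error 49 line, else None."""
    m = _ERR49.search(log_line)
    if m is None:
        return None
    code = int(m.group(1), 16)  # the sub-code is printed in hex
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


# Constructed sample lines (not taken from the poster's log).
SAMPLE_LOG = [
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]",
    "INFO  Initializing Spring root WebApplicationContext",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        result = classify_bind_failure(line)
        if result:
            print("data %x: %s" % result)
```

A `data 525` result points at the bind identity (the `userDn` value as the directory received it), while `data 52e` points at the password.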