> 2010-01-25 13:16:11,994 DEBUG > [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - Performing > LDAP bind with credential: sAMAccountName=mtromp, > cn=Users,dc=ci,dc=ventura,dc=ca,dc=us
I noted there is a space in the DN above. Could you change the filter property of the fast bind handler such that there are no spaces and try again? > Also, I was wondering which registry parameters to set on the Microsoft AD > Server so that I can see what the Active Directory is seeing during the > transaction? I asked our Microsoft domain admins and they said there is an "audit failed authentication" security policy you can enable to see more detail in the security log. I believe http://www.windowsecurity.com/articles/Windows-Active-Directory-Auditing.html shows a screenshot. They claimed that failures include an error code that you can search for that will indicate the exact cause of failure. I don't know whether those code are LDAP error codes or not (http://support.microsoft.com/kb/218185); if they are LDAP codes I would expect one of the following: - 0x31 (49) - Bad credential (wrong password) - 0x20 (32) - Object not found (can't find the DN you provided) M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
