Warning, poorly formatted, verbose logging output follows.
Hopefull this has not been beaten to death.
Marvin, I configured my
CredentialsToLDAPAttributePrincipalResolvers for my
attributeSources..i.e. AD and Novell. I fired up my app and hit a
Referral
in AD. After looking at the code it seems that there is no good way
to set
ignorePartialResultsException as there is in the
BindLdapAuthenticationHandler.
On the surface, the application appears to function, the user is
successfully authenticated. However, no attributes are getting set
in the
principal. If all is functioning as designed, the user attributes I
mapped
in the config file should show up in the principal in the request,
correct?
I am currently using PersonDirectory 1.5.0-RC5. Is this still a
known issue
or is there a fix?
I am set up to search AD first then fall through to Novell. The the
user
included in the sample happens to exist in both
Here is the server log output:
2010-05-19 12:49:20,197 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to
create
TicketGrantingTicket for [username: xxxxxxxx]>
2010-05-19 12:49:20,200 DEBUG
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] -
<Performing
LDAP bind with credential:
CN=xxxxxx,OU=xxxxxx,OU=xxxxx,DC=xxxx,DC=xxxx,DC=xxxx>
2010-05-19 12:49:20,200 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials:
[username:
xxxxxxx]>
2010-05-19 12:49:20,200 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Attempting to resolve a principal...>
2010-05-19 12:49:20,200 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Attempting to resolve a principal...>
2010-05-19 12:49:20,200 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Creating SimplePrincipal for [xxxxxx]>
2010-05-19 12:49:20,200 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Resolved deanhe01. Trying LDAP resolve now...>
2010-05-19 12:49:20,200 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <LDAP search with filter "(|(sAMAccountName=xxxxx)(mail=xxxxx))">
2010-05-19 12:49:20,201 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <returning searchcontrols: scope=2;
searchbase=DC=xxxx,DC=xxxxx,DC=xxx;
attributes=[sAMAccountName]; timeout=1000>
2010-05-19 12:49:20,202 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Resolved xxxxxxx to xxxxxxx>
2010-05-19 12:49:20,202 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Creating SimplePrincipal for [xxxxxxx]>
2010-05-19 12:49:20,202 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
<Created seed map='{username=[xxxxxx]}' for uid='xxxxx'>
2010-05-19 12:49:20,202 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
<Adding
attribute 'sAMAccountName' with value '[xxxxxxx]' to query builder
'null'>
2010-05-19 12:49:20,202 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
<Generated query builder '(sAMAccountName=xxxxxxxx)' from query Map
{username=[xxxxxxxx]}.>
2010-05-19 12:49:20,203 WARN
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl]
<Recovering From Exception thrown by
'org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao@
861a09'>org.springframework.ldap.PartialResultException:
Unprocessed Continuation Reference(s); nested exception is
javax.naming.PartialResultException: Unprocessed Continuation
Reference(s);
remaining name 'DC=xxxx,DC=xxxxxxxx,DC=xxx'
at
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapU
tils.java:203)
at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:3
15)
at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:2
59)
at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:5
71)
at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:5
56)
.......
Caused by: javax.naming.PartialResultException: Unprocessed
Continuation
Reference(s); remaining name 'DC=Test,DC=nintendo,DC=com'cket(Cenat
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:
2794)
at
com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumer
ation.java:129)
2010-05-19 12:49:20,205 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
<Adding
attribute 'cn' with value '[xxxxxxxx]' to query builder 'null'>
2010-05-19 12:49:20,205 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
<Generated query builder '(cn=xxxxxxxx)' from query Map
{username=[xxxxxxxx]}.>
2010-05-19 12:49:20,210 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
<Retrieved
attributes='[NamedPersonImpl[name=xxxxx,attributes={givenName=[Dean],
mail=[[email protected]], company=[xxx], location=[xxxxx],
employeeType=[E], employeeStatus=[A], title=[xxxxxxxx], userId=
[xxxxxxx],
memberOf=[cn=xxxxxxx,ou=xxxxx,o=xxxxx], department=[xxxxxxxx],
displayName=[xxxxxxxxx]}]]' for query='{username=[xxxxxxx]}',
isFirstQuery=false,
currentlyConsidering=
'org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao@
a6aa31',
resultAttributes='null'>
2010-05-19 12:49:20,210 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
<Aggregated search results
'[NamedPersonImpl[name=xxxxx,attributes={givenName=[Dean],
mail=[[email protected]], company=[xxxxx], location=[xxxxx],
employeeType=[E], employeeStatus=[A], title=[xxxxxxxxxxxxx],
userId=[xxxxxxxxx], memberOf=[cn=xxxxxxxxxx,ou=xxxxx,o=xxx],
department=[xxxxxxxxxx], displayName=[xxxxxxx]}]]' for
query='{username=[xxxxxxx]}'>
2010-05-19 12:49:20,210 DEBUG
[org.jasig.cas.ticket.registry.JBossCacheTicketRegistry] - <Adding
ticket to
registry for:
TGT-2-m3gN20PLpgWliSR9P1A0MJQE21Isdjw6EHomCnLw4fjc7oy9t4-tstrdsso01>
2010-05-19 12:49:20,214 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2010-05-19 12:49:20,214 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'AuthenticationViaFormAction' completed execution; result is
'success'>
2010-05-19 12:49:20,214 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
'SendTicketGrantingTicketAction' beginning execution>
2010-05-19 12:49:20,214 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added
cookie
with name [CASTGC] and value
[TGT-2-m3gN20PLpgWliSR9P1A0MJQE21Isdjw6EHomCnLw4fjc7oy9t4-tstrdsso01]>
2010-05-19 12:49:20,214 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
'SndTicketGrantingTicketAction' completed execution; result
is'success'
--
View this message in context:
http://jasig.275507.n4.nabble.com/CAS-Jira-Issue-CAS-663-CredentialsToLDAPAttributePrincipalResolver-AD-PartialResultsException-tp2223630p2223630.html
Sent from the CAS Users mailing list archive at Nabble.com.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
