On 2012-05-30 at 12:45, Andrew Morgan wrote:

Also, your userDN value should be an LDAP DN, not a username. Something like "cn=cas_auth,cn=users,dc=bah,dc=com".

Maybe not. I switched the userDN in our AD contextSource from an LDAP DN to "[email protected]" when some intermittent LDAP authentication errors appeared after a CAS upgrade.

Before the userDN change and after upgrading to CAS 3.4.11, our users would often see the error message "CAS is unavailable" if they entered a bad password when attempting to log in to CAS. The corresponding log entries contained an LDAP error code 49. When users logged in with the correct password, no error was displayed or logged. The errors stopped after I set the AD userDN in the form of "[email protected]".

Our OpenLDAP context source has been (as one might expect) working fine with a normal LDAP DN. I'd be interested in hearing if anyone else has seen errors like that with AD, and if there's a better solution than using a nonstandard DN.

-jesse
WPI Senior Unix Systems Administrator
