Paul, Did you try adding p:referral="follow"?
Another solution is to use the secure global catalog port (3269) instead of the standard ldaps port, but obviously you need to be sure your DC you are going against is also a GC server. Brady McClenon Senior Server Administrator Applications Research & Development Information Technology Services SUNY College at Oneonta 607-436-3203 “Quotes found on the internet are not always accurate.” - Abraham Lincoln From: Paul Chauvet [mailto:[email protected]] Sent: Monday, June 24, 2013 1:45 PM To: [email protected] Subject: [cas-user] Problem with Active Directory CAS auth ("Unprocessed continuation reference") Hi all, I'm having an issue changing how our CAS server authenticates against our Active Directory environment. Previously we were just using using a search base in active directory which contains our current faculty/staff/students (ou=activeusers,dc=ourserver,dc=newpaltz,dc=edu). Now we also need to get people from an 'inactive' area mostly for alumni (ou=inactiveusers,dc=ourserver,dc=newpaltz,dc=edu). I've changed over instead to searching higher up in the tree to get both (using dc=ourserver,dc=newpaltz,dc=edu) for results and have an error with CAS: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=active,dc=newpaltz,dc=edu' This is happening because (even with the command line utility ldapsearch) an extra result is returned. The first is the user object, the second is what appears to be a referral: ref: ldaps://DomainDnsZones.ourserver.newpaltz.edu/DC=DomainDnsZones,DC=ourserver,DC=newpaltz,DC=edu I'm not sure what to do to handle this. I tried adding p:ignorePartialResultException="true" to the org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler bean (after seeing similar topics previously on the list) but it isn't working. Not sure if there is something I'm missing, or I put this in the wrong bean. Any insight that you may have would be much appreciated! Paul Chauvet Senior Linux Systems Administrator State University of New York at New Paltz [email protected]<mailto:[email protected]> -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
