Hi, I have followed the instructions at http://jasig.github.io/cas/4.0.0/installation/LDAP-Authentication.html#ldap-password-policy-enforcement to configure LPPE, but for some reason I can't get it to work. I have configured LDAP authentication and it works as expected, but it does not return the account state that is required by LPPE. When logging in with a locked account I get the following entries in the log. The account state returns as null although the LDAP error states the account is locked. Am I missing something in the configuration? I am using the DefaultAccountStateHandler.
2014-06-26 16:42:50,101 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@2038749367::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@11539637::config=[org.ldaptive.ConnectionConfig@673150829::ldapUrl=ldap://xxxx, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@702130607::connectionCount=2, environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@69575714::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, controlProcessor=org.ldaptive.provider.ControlProcessor@433ab64e]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@659f2755], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1772\00], controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@128405565::dn=CN=test8\, Bpo,OU=agent ou,OU=BPO test OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1540952055::user=btest8, retAttrs=[]]]
2014-06-26 16:42:50,112 INFO [org.ldaptive.auth.Authenticator] - Authentication failed for dn: CN=test8\, Bpo,OU=agent ou,OU=BPO test OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com
2014-06-26 16:42:50,127 DEBUG [org.ldaptive.auth.Authenticator] - authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@2038749367::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@11539637::config=[org.ldaptive.ConnectionConfig@673150829::ldapUrl=ldap://lahdc.xxxx.com, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@702130607::connectionCount=2, environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@69575714::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, controlProcessor=org.ldaptive.provider.ControlProcessor@433ab64e]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@659f2755], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1772\00], controls=null] for dn=CN=test8\, Bpo,OU=agent ou,OU=BPO test OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com with request=[org.ldaptive.auth.AuthenticationRequest@1540952055::user=btest8, retAttrs=[]]
2014-06-26 16:42:50,134 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@1850787950::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, ldapEntry=[dn=CN=test8\, Bpo,OU=agent ou,OU=BPO test OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1772\00], controls=null]
2014-06-26 16:42:50,136 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Applying password policy to [org.ldaptive.auth.AuthenticationResponse@1850787950::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, ldapEntry=[dn=CN=test8\, Bpo,OU=agent ou,OU=BPO test OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1772\00], controls=null]
2014-06-26 16:42:50,137 DEBUG [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - Account state not defined
2014-06-26 16:42:50,137 DEBUG [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - Handling null
2014-06-26 16:42:50,138 DEBUG [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - No LDAP error mapping defined for null
2014-06-26 16:42:50,138 DEBUG [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - Account state warning not defined
2014-06-26 16:42:50,139 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler failed authenticating btest8+password

Thanks
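The log above shows the root of the symptom: Active Directory does not return a password-policy control on a failed bind, it reports the condition only as a sub-code ("data 775") inside the error-code-49 diagnostic message, so unless something parses that message the response reaches DefaultAccountStateHandler with accountState=null. The following is an added example (not CAS or ldaptive code) of that parsing and mapping, run over a log line constructed from the post; in ldaptive this job belongs to an Active Directory-aware authentication response handler rather than to the account state handler, and the sub-code table below is the documented AD set, embedded here as this example's own constant.

```python
import re

# Active Directory bind-failure sub-codes: the hex "data NNN" value that AD
# appends to an "error code 49" diagnostic. Documented AD values; the table
# itself is this example's constant, not a CAS or ldaptive API.
AD_SUBCODES = {
    0x525: "USER_NOT_FOUND",
    0x52E: "INVALID_CREDENTIALS",
    0x530: "LOGON_TIME_RESTRICTION",
    0x531: "WORKSTATION_RESTRICTION",
    0x532: "PASSWORD_EXPIRED",
    0x533: "ACCOUNT_DISABLED",
    0x701: "ACCOUNT_EXPIRED",
    0x773: "PASSWORD_MUST_CHANGE",
    0x775: "ACCOUNT_LOCKED",
}

# Matches the AD diagnostic exactly as it appears in the post's log lines.
_AD_ERR = re.compile(
    r"error code 49 - (?P<hresult>[0-9A-Fa-f]{8}): LdapErr: DSID-[0-9A-Fa-f]+, "
    r"comment: AcceptSecurityContext error, data (?P<data>[0-9A-Fa-f]+)"
)


def account_state_from_message(message):
    """Map an AD bind-failure message to an account-state name, or None."""
    if message is None:
        return None
    m = _AD_ERR.search(message)
    if m is None:
        return None  # not an AD-style diagnostic (or a plain bad password)
    return AD_SUBCODES.get(int(m.group("data"), 16))


# Constructed from the LdapAuthenticationHandler line quoted in the post.
SAMPLE_LOG = (
    "2014-06-26 16:42:50,134 DEBUG [org.jasig.cas.authentication."
    "LdapAuthenticationHandler] - LDAP response: [... accountState=null, "
    "result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming."
    "AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1772], "
    "controls=null]"
)


def audit_log_line(line):
    """Return the AD policy state a CAS log line hides behind accountState=null,
    or None when the line carries no such mismatch (e.g. a plain bad password)."""
    if "accountState=null" not in line or "resultCode=INVALID_CREDENTIALS" not in line:
        return None
    state = account_state_from_message(line)
    return None if state in (None, "INVALID_CREDENTIALS") else state
```

Running audit_log_line over a day of CAS debug output is a quick way to count how many "invalid credentials" failures were really locked, expired or disabled accounts that LPPE never got to report.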
