Anybody?
On Thursday, June 26, 2014 4:59:06 PM UTC+5, wa wrote:
>
> Hi,
>
> I have followed the instructions at
> http://jasig.github.io/cas/4.0.0/installation/LDAP-Authentication.html#ldap-password-policy-enforcement
> to configure LPPE. But for some reason can't get it to work. I have
> configured LDAP authentication and it works as expected. But it does not
> return the account state that is required by LPPE. When logging with a
> locked account I get the following entry in the log. Account state returns
> as null although the LDAP error states the account is locked. Am I missing
> something in the configuration? I am using the DefaultAccountStateHandler.
>
> 2014-06-26 16:42:50,101 DEBUG
> [org.ldaptive.auth.PooledBindAuthenticationHandler] - authenticate
> response=[org.ldaptive.auth.AuthenticationHandlerResponse@2038749367::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@11539637::config=[org.ldaptive.ConnectionConfig@673150829::ldapUrl=ldap://xxxx,
> connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false,
> useStartTLS=false, connectionInitializer=null],
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@702130607::connectionCount=2,
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@69575714::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
> tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
> PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
> controlProcessor=org.ldaptive.provider.ControlProcessor@433ab64e]],
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@659f2755],
> result=false, resultCode=INVALID_CREDENTIALS,
> message=javax.naming.AuthenticationException: [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error,
> data 775, v1772\00], controls=null] for
> criteria=[org.ldaptive.auth.AuthenticationCriteria@128405565::dn=CN=test8\,
> Bpo,OU=agent ou,OU=BPO test
> OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com,
> authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1540952055::user=btest8,
> retAttrs=[]]]
>
> 2014-06-26 16:42:50,112 INFO [org.ldaptive.auth.Authenticator] -
> Authentication failed for dn: CN=test8\, Bpo,OU=agent ou,OU=BPO test
> OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com
>
> 2014-06-26 16:42:50,127 DEBUG [org.ldaptive.auth.Authenticator] -
> authenticate
> response=[org.ldaptive.auth.AuthenticationHandlerResponse@2038749367::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@11539637::config=[org.ldaptive.ConnectionConfig@673150829::ldapUrl=ldap://
> lahdc.xxxx.com, connectTimeout=3000, responseTimeout=-1, sslConfig=null,
> useSSL=false, useStartTLS=false, connectionInitializer=null],
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@702130607::connectionCount=2,
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@69575714::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
> tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
> PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
> controlProcessor=org.ldaptive.provider.ControlProcessor@433ab64e]],
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@659f2755],
> result=false, resultCode=INVALID_CREDENTIALS,
> message=javax.naming.AuthenticationException: [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error,
> data 775, v1772\00], controls=null] for dn=CN=test8\, Bpo,OU=agent
> ou,OU=BPO test OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com with
> request=[org.ldaptive.auth.AuthenticationRequest@1540952055::user=btest8,
> retAttrs=[]]
>
> 2014-06-26 16:42:50,134 DEBUG
> [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response:
> [org.ldaptive.auth.AuthenticationResponse@1850787950::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
> ldapEntry=[dn=CN=test8\, Bpo,OU=agent ou,OU=BPO test
> OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com[]], accountState=null,
> result=false, resultCode=INVALID_CREDENTIALS,
> message=javax.naming.AuthenticationException: [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error,
> data 775, v1772\00], controls=null]
>
> 2014-06-26 16:42:50,136 DEBUG
> [org.jasig.cas.authentication.LdapAuthenticationHandler] - Applying
> password policy to
> [org.ldaptive.auth.AuthenticationResponse@1850787950::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
> ldapEntry=[dn=CN=test8\, Bpo,OU=agent ou,OU=BPO test
> OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com[]], accountState=null,
> result=false, resultCode=INVALID_CREDENTIALS,
> message=javax.naming.AuthenticationException: [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error,
> data 775, v1772\00], controls=null]
>
> 2014-06-26 16:42:50,137 DEBUG
> [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - Account
> state not defined
> 2014-06-26 16:42:50,137 DEBUG
> [org.jasig.cas.authentication.support.DefaultAccountStateHandler] -
> Handling null
> 2014-06-26 16:42:50,138 DEBUG
> [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - No LDAP
> error mapping defined for null
> 2014-06-26 16:42:50,138 DEBUG
> [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - Account
> state warning not defined
> 2014-06-26 16:42:50,139 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> LdapAuthenticationHandler failed authenticating btest8+password
>
> Thanks
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
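
Added example (not part of the original post, and not CAS or ldaptive code): a triage script for records like the ones quoted above. It extracts the Active Directory sub-code from the error 49 message and flags responses where AD reported a policy condition while accountState is null. The names `triage`, `unwrap` and `SAMPLE` and the sub-code labels are this example's own; the sample record is constructed from the post's log and abbreviated.

```python
import re

# Active Directory sub-codes from the "data NNN" field of an LDAP error 49
# bind failure (hexadecimal, as AD prints them). Labels are this example's.
AD_SUBCODES = {
    "525": "USER_NOT_FOUND", "52e": "INVALID_CREDENTIALS",
    "530": "LOGON_TIME_RESTRICTION", "531": "WORKSTATION_RESTRICTION",
    "532": "PASSWORD_EXPIRED", "533": "ACCOUNT_DISABLED",
    "701": "ACCOUNT_EXPIRED", "773": "MUST_CHANGE_PASSWORD",
    "775": "ACCOUNT_LOCKED",
}
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
STATE_RE = re.compile(r"accountState=([^,\]\s]+)")
RESULT_RE = re.compile(r"\bresultCode=([A-Z_]+)")

def unwrap(text):
    """Undo mail-client wrapping: drop newlines and leading '>' quote marks."""
    return re.sub(r"\s*\n(?:>\s?)*", " ", text)

def triage(record):
    """Compare what AD reported with the account state the client recorded."""
    flat = unwrap(record)
    data, state, result = (r.search(flat) for r in (DATA_RE, STATE_RE, RESULT_RE))
    sub = data.group(1).lower() if data else None
    directory_state = AD_SUBCODES.get(sub, "UNKNOWN") if sub else None
    account_state = state.group(1) if state else None
    # Failure mode from the post: AD names a policy condition (locked,
    # expired, ...) but the response carries no account state to act on.
    no_policy = (None, "UNKNOWN", "INVALID_CREDENTIALS", "USER_NOT_FOUND")
    return {
        "result_code": result.group(1) if result else None,
        "ad_subcode": sub,
        "directory_state": directory_state,
        "account_state": account_state,
        "state_lost": directory_state not in no_policy
                      and account_state in (None, "null"),
    }

# Constructed sample: the 16:42:50,134 record from the post, abbreviated.
SAMPLE = (
    "2014-06-26 16:42:50,134 DEBUG\n"
    "> [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response:\n"
    "> [authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, accountState=null,\n"
    "> result=false, resultCode=INVALID_CREDENTIALS,\n"
    "> message=javax.naming.AuthenticationException: [LDAP: error code 49 -\n"
    "> 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error,\n"
    "> data 775, v1772], controls=null]"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```
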
