Figured it out. Had to add the ActiveDirectoryAuthenticationResponseHandler
as below to be able to parse the AD response.

<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
      c:resolver-ref="dnResolver"
      c:handler-ref="authHandler">
  <property name="authenticationResponseHandlers">
    <list>
      <bean class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler" />
    </list>
  </property>
</bean>

On Monday, July 7, 2014 6:56:40 PM UTC+5, wa wrote:
>
> Active Directory is running on Windows 2008 Server
>
> On Monday, July 7, 2014 11:46:53 AM UTC+5, wa wrote:
>>
>> LPPE configuration is as below
>>
>> <bean id="ldapAuthenticationHandler"
>>       class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>>       p:principalIdAttribute="sAMAccountName"
>>       c:authenticator-ref="authenticator"
>>       p:passwordPolicyConfiguration-ref="passwordPolicy">
>>   <property name="principalAttributeMap">
>>     <map>
>>       <!--
>>          | This map provides a simple attribute resolution mechanism.
>>          | Keys are LDAP attribute names, values are CAS attribute names.
>>          | Use this facility instead of a PrincipalResolver if LDAP is
>>          | the only attribute source.
>>       -->
>>       <entry key="member" value="member" />
>>       <entry key="mail" value="mail" />
>>       <entry key="displayName" value="displayName" />
>>     </map>
>>   </property>
>> </bean>
>>
>> ***************lppe-configuration.xml***************
>>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>        xmlns:p="http://www.springframework.org/schema/p"
>>        xsi:schemaLocation="http://www.springframework.org/schema/beans
>>                            http://www.springframework.org/schema/beans/spring-beans.xsd">
>>
>>   <!--
>>      | Sample LDAP password policy configuration.
>>      | There are notable configuration requirements for LDAP components required for password policy
>>      | depending on the directory (Active Directory, OpenLDAP, etc).
>>      | See CAS documentation for more information.
>>   -->
>>   <bean id="passwordPolicy"
>>         class="org.jasig.cas.authentication.support.LdapPasswordPolicyConfiguration"
>>         p:alwaysDisplayPasswordExpirationWarning="${password.policy.warnAll}"
>>         p:passwordWarningNumberOfDays="${password.policy.warningDays}"
>>         p:passwordPolicyUrl="${password.policy.url}"
>>         p:accountStateHandler-ref="accountStateHandler" />
>>
>>   <!-- This component is suitable for most cases but can be replaced with
>>        a custom component for special cases. -->
>>   <bean id="accountStateHandler"
>>         class="org.jasig.cas.authentication.support.DefaultAccountStateHandler" />
>>
>> </beans>
>>
>>
>> I will check and confirm the Windows server version. Thanks.
>>
>>
>> On Saturday, July 5, 2014 9:43:22 AM UTC+5, Daniel Fisher wrote:
>>>
>>> On Thu, Jun 26, 2014 at 7:59 AM, wa <[email protected]> wrote:
>>> > 2014-06-26 16:42:50,134 DEBUG
>>> > [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response:
>>> > [org.ldaptive.auth.AuthenticationResponse@1850787950::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
>>> > ldapEntry=[dn=CN=test8\, Bpo,OU=agent ou,OU=BPO test
>>> > OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com[]], accountState=null,
>>> > result=false, resultCode=INVALID_CREDENTIALS,
>>> > message=javax.naming.AuthenticationException: [LDAP: error code 49 -
>>> > 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data
>>> > 775, v1772\00], controls=null]
>>> >
>>>
>>> accountState is null, so either the authentication response handler
>>> failed to parse the response or it isn't configured correctly. What
>>> does your lppe configuration look like?
>>>
>>> --Daniel Fisher
>>>
>>> --
>>> You are currently subscribed to [email protected] as:
>>> [email protected]
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
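
The log quoted in this thread shows why the response handler matters: Active Directory reports the account state only as a hexadecimal sub-code ("data 775") inside the LDAP error 49 message, so without a parser accountState stays null. The following is an added example, not code from the thread and not ldaptive's own implementation, that decodes that sub-code; the class name AdBindErrorDecoder and the second sample message are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (hypothetical class): decodes the "data NNN" sub-code of an AD bind failure. */
public class AdBindErrorDecoder {
    // The sub-code is a hexadecimal Win32 error number, e.g. "data 775" or "data 52e".
    // Only messages that carry LDAP result code 49 (invalid credentials) are considered.
    private static final Pattern DATA =
        Pattern.compile("error code 49\\b.*?\\bdata ([0-9a-fA-F]{3,4})\\b");

    private static final Map<String, String> STATES = new LinkedHashMap<>();
    static {
        STATES.put("525", "user not found");
        STATES.put("52e", "invalid credentials");
        STATES.put("530", "logon not permitted at this time");
        STATES.put("531", "logon not permitted from this workstation");
        STATES.put("532", "password expired");
        STATES.put("533", "account disabled");
        STATES.put("701", "account expired");
        STATES.put("773", "user must change password");
        STATES.put("775", "account locked out");
    }

    /** Returns the account state for the message, or null if no known sub-code is present. */
    static String decode(String ldapMessage) {
        if (ldapMessage == null) {
            return null;
        }
        Matcher m = DATA.matcher(ldapMessage);
        return m.find() ? STATES.get(m.group(1).toLowerCase()) : null;
    }

    public static void main(String[] args) {
        // Message text from the log quoted in this thread (trailing NUL marker omitted).
        String fromThread = "javax.naming.AuthenticationException: [LDAP: error code 49 - "
            + "80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1772]";
        // Constructed sample: same message shape with a different sub-code.
        String constructed = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, "
            + "comment: AcceptSecurityContext error, data 52e, v1db1]";
        System.out.println(decode(fromThread));
        System.out.println(decode(constructed));
        // A non-49 failure carries no account state, so the decoder returns null.
        System.out.println(decode("[LDAP: error code 32 - No Such Object]"));
    }
}
```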