BTW this should be updated in the documentation 
at http://jasig.github.io/cas/4.0.0/installation/LDAP-Authentication.html

On Wednesday, July 9, 2014 10:34:15 PM UTC+5, wa wrote:
>
> Figured it out. Had to add the 
> ActiveDirectoryAuthenticationResponseHandler as below to be able to parse 
> AD response.
>
>
> <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
>       c:resolver-ref="dnResolver"
>       c:handler-ref="authHandler">
>       <property name="authenticationResponseHandlers">
>           <list>
>               <bean class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler" />
>           </list>
>       </property>
> </bean>
>
>
> On Monday, July 7, 2014 6:56:40 PM UTC+5, wa wrote:
>>
>> Active Directory is running on Windows 2008 Server
>>
>> On Monday, July 7, 2014 11:46:53 AM UTC+5, wa wrote:
>>>
>>> LPPE configuration is as below
>>>
>>> <bean id="ldapAuthenticationHandler"
>>>       class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>>>       p:principalIdAttribute="sAMAccountName"
>>>       c:authenticator-ref="authenticator"
>>>       p:passwordPolicyConfiguration-ref="passwordPolicy">
>>>     <property name="principalAttributeMap">
>>>         <map>
>>>             <!--
>>>                | This map provides a simple attribute resolution mechanism.
>>>                | Keys are LDAP attribute names, values are CAS attribute names.
>>>                | Use this facility instead of a PrincipalResolver if LDAP is
>>>                | the only attribute source.
>>>                -->
>>>             <entry key="member" value="member" />
>>>             <entry key="mail" value="mail" />
>>>             <entry key="displayName" value="displayName" />
>>>         </map>
>>>     </property>
>>> </bean>
>>>
>>> ***************lppe-configuration.xml***************
>>>
>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>        xmlns:p="http://www.springframework.org/schema/p"
>>>        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
>>>
>>>   <!--
>>>      | Sample LDAP password policy configuration.
>>>      | There are notable configuration requirements for LDAP components required for password policy
>>>      | depending on the directory (Active Directory, OpenLDAP, etc).
>>>      | See CAS documentation for more information.
>>>     -->
>>>   <bean id="passwordPolicy" class="org.jasig.cas.authentication.support.LdapPasswordPolicyConfiguration"
>>>         p:alwaysDisplayPasswordExpirationWarning="${password.policy.warnAll}"
>>>         p:passwordWarningNumberOfDays="${password.policy.warningDays}"
>>>         p:passwordPolicyUrl="${password.policy.url}"
>>>         p:accountStateHandler-ref="accountStateHandler" />
>>>
>>>   <!-- This component is suitable for most cases but can be replaced with a custom component for special cases. -->
>>>   <bean id="accountStateHandler" class="org.jasig.cas.authentication.support.DefaultAccountStateHander" />
>>>
>>> </beans>
>>>
>>>
>>> I will check and confirm the Windows server version. Thanks.
>>>
>>>
>>> On Saturday, July 5, 2014 9:43:22 AM UTC+5, Daniel Fisher wrote:
>>>>
>>>> On Thu, Jun 26, 2014 at 7:59 AM, wa <[email protected]> wrote: 
>>>> > 2014-06-26 16:42:50,134 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@1850787950::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, ldapEntry=[dn=CN=test8\, Bpo,OU=agent ou,OU=BPO test OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1772\00], controls=null]
>>>> >
>>>>
>>>> accountState is null, so either the authentication response handler 
>>>> failed to parse the response or it isn't configured correctly. What 
>>>> does your lppe configuration look like? 
>>>>
>>>> --Daniel Fisher 
>>>>
>>>> -- 
>>>> You are currently subscribed to [email protected] as: 
>>>> [email protected] 
>>>> To unsubscribe, change settings or access archives, see 
>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user 
>>>>
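Added example, not part of the original thread and not CAS or ldaptive code: a Python log-triage helper for the symptom diagnosed above, where Active Directory returns LDAP error 49 with a `data NNN` sub-code but CAS logs `accountState=null` because no response handler parsed it. The function and sample names are hypothetical; the first sample is abridged from the log line in the thread, the second is constructed.

```python
import re

# Well-known Active Directory sub-error codes carried (in hex) in the
# "data NNN" field of an LDAP error 49 bind failure.
AD_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

DATA_RE = re.compile(r"error code 49\b.*?\bdata ([0-9a-fA-F]+)\b", re.S)
STATE_RE = re.compile(r"accountState=([^,\]]+)")


def triage(log_line):
    """Return (subcode, meaning, state_unparsed), or None if the line
    carries no AD error-49 sub-code.

    state_unparsed is True when AD supplied a sub-code but the logged
    AuthenticationResponse still has accountState=null, i.e. no
    authentication response handler turned it into an account state.
    """
    m = DATA_RE.search(log_line)
    if m is None:
        return None
    code = int(m.group(1), 16)  # AD reports the sub-code in hexadecimal
    state = STATE_RE.search(log_line)
    unparsed = state is not None and state.group(1).strip() == "null"
    return code, AD_SUBCODES.get(code, "unknown sub-code"), unparsed


# Abridged from the CAS debug line quoted in the thread (DN omitted).
SAMPLE_FROM_THREAD = (
    r"authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, accountState=null, "
    r"result=false, resultCode=INVALID_CREDENTIALS, "
    r"message=javax.naming.AuthenticationException: [LDAP: error code 49 - "
    r"80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, "
    r"data 775, v1772\00], controls=null]"
)
# Constructed line: same failure shape, but with an account state populated.
SAMPLE_CONSTRUCTED = (
    r"accountState=<populated>, result=false, message=[LDAP: error code 49 - "
    r"80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, "
    r"data 532, v1772\00]"
)
```
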