Marvin offered to update the documentation once you confirmed the fix.
Thank you for closing the loop on this.

--Daniel Fisher

On Wed, Jul 9, 2014 at 1:36 PM, wa <[email protected]> wrote:
> BTW this should be updated in the documentation at
> http://jasig.github.io/cas/4.0.0/installation/LDAP-Authentication.html
>
>
> On Wednesday, July 9, 2014 10:34:15 PM UTC+5, wa wrote:
>>
>> Figured it out. Had to add the
>> ActiveDirectoryAuthenticationResponseHandler as below to be able to parse AD
>> response.
>>
>>
>> <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
>>       c:resolver-ref="dnResolver"
>>       c:handler-ref="authHandler">
>>       <property name="authenticationResponseHandlers">
>>           <list>
>>               <bean class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler" />
>>           </list>
>>       </property>
>> </bean>
>>
>>
>> On Monday, July 7, 2014 6:56:40 PM UTC+5, wa wrote:
>>>
>>> Active Directory is running on Windows 2008 Server
>>>
>>> On Monday, July 7, 2014 11:46:53 AM UTC+5, wa wrote:
>>>>
>>>> LPPE configuration is as below
>>>>
>>>> <bean id="ldapAuthenticationHandler"
>>>>       class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>>>>       p:principalIdAttribute="sAMAccountName"
>>>>       c:authenticator-ref="authenticator"
>>>>       p:passwordPolicyConfiguration-ref="passwordPolicy">
>>>>     <property name="principalAttributeMap">
>>>>         <map>
>>>>             <!--
>>>>                | This map provides a simple attribute resolution mechanism.
>>>>                | Keys are LDAP attribute names, values are CAS attribute names.
>>>>                | Use this facility instead of a PrincipalResolver if LDAP is
>>>>                | the only attribute source.
>>>>                -->
>>>>             <entry key="member" value="member" />
>>>>             <entry key="mail" value="mail" />
>>>>             <entry key="displayName" value="displayName" />
>>>>         </map>
>>>>     </property>
>>>> </bean>
>>>>
>>>> ***************lppe-configuration.xml***************
>>>>
>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>        xmlns:p="http://www.springframework.org/schema/p"
>>>>        xsi:schemaLocation="http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans.xsd">
>>>>
>>>>   <!--
>>>>      | Sample LDAP password policy configuration.
>>>>      | There are notable configuration requirements for LDAP components
>>>>      | required for password policy depending on the directory
>>>>      | (Active Directory, OpenLDAP, etc).
>>>>      | See CAS documentation for more information.
>>>>     -->
>>>>   <bean id="passwordPolicy"
>>>>         class="org.jasig.cas.authentication.support.LdapPasswordPolicyConfiguration"
>>>>         p:alwaysDisplayPasswordExpirationWarning="${password.policy.warnAll}"
>>>>         p:passwordWarningNumberOfDays="${password.policy.warningDays}"
>>>>         p:passwordPolicyUrl="${password.policy.url}"
>>>>         p:accountStateHandler-ref="accountStateHandler" />
>>>>
>>>>   <!-- This component is suitable for most cases but can be replaced
>>>>        with a custom component for special cases. -->
>>>>   <bean id="accountStateHandler"
>>>>         class="org.jasig.cas.authentication.support.DefaultAccountStateHandler" />
>>>>
>>>> </beans>
>>>>
>>>>
>>>> I will check and confirm the Windows server version. Thanks.
>>>>
>>>>
>>>> On Saturday, July 5, 2014 9:43:22 AM UTC+5, Daniel Fisher wrote:
>>>>>
>>>>> On Thu, Jun 26, 2014 at 7:59 AM, wa <[email protected]> wrote:
>>>>> > 2014-06-26 16:42:50,134 DEBUG
>>>>> > [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP
>>>>> > response:
>>>>> >
>>>>> > [org.ldaptive.auth.AuthenticationResponse@1850787950::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
>>>>> > ldapEntry=[dn=CN=test8\, Bpo,OU=agent ou,OU=BPO test
>>>>> > OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com[]],
>>>>> > accountState=null,
>>>>> > result=false, resultCode=INVALID_CREDENTIALS,
>>>>> > message=javax.naming.AuthenticationException: [LDAP: error code 49 -
>>>>> > 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext
>>>>> > error, data
>>>>> > 775, v1772\00], controls=null]
>>>>> >
>>>>>
>>>>> accountState is null, so either the authentication response handler
>>>>> failed to parse the response or it isn't configured correctly. What
>>>>> does your lppe configuration look like?
>>>>>
>>>>> --Daniel Fisher
>>>>>
>>>>> --
>>>>> You are currently subscribed to [email protected] as:
>>>>> [email protected]
>>>>> To unsubscribe, change settings or access archives, see
>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user

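As an added example (not part of the original thread, and not CAS or ldaptive code): a Python sketch of the parsing step that was missing in this configuration, pulling the Active Directory sub-code out of the `data NNN` field of a failed bind and mapping it to an account state. The function and table names are hypothetical; the sample message is the one from the log line quoted above, joined onto one line, and the other two inputs are constructed.

```python
import re

# Active Directory sub-codes carried in the "data NNN" field of an LDAP
# error 49 bind failure. The field is hexadecimal.
AD_BIND_SUBCODES = {
    0x525: "USER_NOT_FOUND",
    0x52E: "INVALID_CREDENTIALS",
    0x530: "LOGON_TIME_RESTRICTED",
    0x531: "WORKSTATION_RESTRICTED",
    0x532: "PASSWORD_EXPIRED",
    0x533: "ACCOUNT_DISABLED",
    0x701: "ACCOUNT_EXPIRED",
    0x773: "PASSWORD_MUST_CHANGE",
    0x775: "ACCOUNT_LOCKED_OUT",
}

# Captures the LDAP result code and the hex sub-code that follows "data".
_AD_ERROR = re.compile(
    r"error code (?P<ldap>\d+)\b.*?\bdata (?P<sub>[0-9a-fA-F]+)\b", re.DOTALL
)


def parse_ad_bind_error(message):
    """Return (ldap_code, account_state), or None when no AD sub-code is present."""
    m = _AD_ERROR.search(message)
    if m is None:
        return None  # e.g. a non-AD directory: nothing to map
    sub = int(m.group("sub"), 16)
    # Unmapped sub-codes are reported, not silently treated as bad passwords.
    return int(m.group("ldap")), AD_BIND_SUBCODES.get(sub, "UNKNOWN_0x%x" % sub)


# Message text from the log line quoted in this thread, joined onto one line.
SAMPLE = (r"javax.naming.AuthenticationException: [LDAP: error code 49 - "
          r"80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext "
          r"error, data 775, v1772\00]")

# Constructed inputs: a message without an AD sub-code, and an unmapped one.
NON_AD = "[LDAP: error code 49 - Invalid Credentials]"
UNMAPPED = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, "
            "comment: AcceptSecurityContext error, data 999, v1772]")

if __name__ == "__main__":
    for msg in (SAMPLE, NON_AD, UNMAPPED):
        print(parse_ad_bind_error(msg))
```

Run against CAS debug logs, this separates lockouts and expired passwords from plain wrong-password failures, which all arrive as LDAP result code 49.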