Where to check this entry attribute. In the back end its giving Unable to validate proxy ticket validator issue.
-----Original Message----- From: Vincent Repain [mailto:[email protected]] Sent: Friday, July 18, 2014 2:48 PM To: [email protected] Subject: Re: [cas-user] CAS 4 and LDAP Hi, FWIW : I had a similar problem and the issue whas opendlap side (i suppose that you are using openldap), where the bind was OK but the search of the entry that followed returned no value. Could you verify that self has read permission on "entry" attribute in your tree (ou=personnel,ou=people,dc=unice,dc=fr) ? Le 17/07/2014 14:06, [email protected] a écrit : > Hi, > > I have a problem with cas 4 and the connector LDAP. > I think that i can pass the ldap authentication but the > PolicyAuthentication Manager don't let me pass. > I have seen a post here > (https://groups.google.com/forum/#!msg/jasig-cas-dev/3CyO92Vk8XA/V2RrU > s3m4e8J > <https://groups.google.com/forum/#%21msg/jasig-cas-dev/3CyO92Vk8XA/V2R > rUs3m4e8J>) which say that to resolved my problem i have to edit > ldapAuthenticationHandler and change by this code : > if (response.getResult()) { > return doPostAuthentication(response); } > > But the code has changed even if my problem is exactly the same. > > > here my log : > > *----------------------------------------* > *----------------------------------------* > 014-07-17 13:48:40,402 INFO [org.ldaptive.auth.Authenticator] - > Authentication succeeded for dn: > uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr > 2014-07-17 13:48:40,403 DEBUG [org.ldaptive.auth.Authenticator] - > authenticate > response=[org.ldaptive.auth.AuthenticationHandlerResponse@1361780777:: > connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@42 > 6627437::config=[org.ldaptive.ConnectionConfig@46831809::ldapUrl=ldap: > //myldapserveur:389/, connectTimeout=3000, responseTimeout=-1, > sslConfig=null, useSSL=false, useStartTLS=false, > connectionInitializer=null], > providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFa > ctory@887911370::connectionCount=1, > environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFact > ory, com.sun.jndi.ldap.connect.timeout=3000, > java.naming.ldap.version=3}, > providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@84493845 > 8::operationExceptionResultCodes=[PROTOCOL_ERROR, > SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, > environment=null, tracePackets=null, removeDnUrls=true, > searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, > PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, > controlProcessor=org.ldaptive.provider.ControlProcessor@6672a60a]], > providerConnection=org.ldaptive.provider.jndi.JndiConnection@fa5edeb], > result=true, resultCode=SUCCESS, message=null, controls=null] for > dn=uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr with > request=[org.ldaptive.auth.AuthenticationRequest@1438545291::user=myus > er, > retAttrs=[]] > 2014-07-17 13:48:40,403 DEBUG > [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP > response: > [org.ldaptive.auth.AuthenticationResponse@306513608::authenticationRes > ultCode=AUTHENTICATION_HANDLER_SUCCESS, > ldapEntry=[dn=uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr[]], > accountState=null, result=true, resultCode=SUCCESS, message=null, > controls=null] > 2014-07-17 13:48:40,404 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > LdapAuthenticationHandler failed authenticating myuser+password > 2014-07-17 13:48:40,412 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > Audit trail record BEGIN > ============================================================= > WHO: audit:unknown > WHAT: supplied credentials: [myuser+password] > ACTION: AUTHENTICATION_FAILED > APPLICATION: CAS > WHEN: Thu Jul 17 13:48:40 CEST 2014 > CLIENT IP ADDRESS: xxxx > SERVER IP ADDRESS: xxx.unice.fr <http://xxx.unice.fr> > ============================================================= > > > 2014-07-17 13:48:40,413 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > Audit trail record BEGIN > ============================================================= > WHO: audit:unknown > WHAT: 1 errors, 0 successes > ACTION: TICKET_GRANTING_TICKET_NOT_CREATED > APPLICATION: CAS > WHEN: Thu Jul 17 13:48:40 CEST 2014 > CLIENT IP ADDRESS: xxx > SERVER IP ADDRESS: xxx.unice.fr <http://xxx.unice.fr> > *----------------------------------------* > *----------------------------------------* > > > > > > and my deployerConfigContext. (attach file) > > > Someone got an idea ? > Thanks a lot for your responses. > > > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or > access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > ----------------------------------------------------------------- > Daniel CHARLOT > D.S.I. Université de Nice Sophia-Antipolis Administrateur Systèmes et > Réseaux 28, avenue de Valrose - BP 2135 - 06103 NICE Tél : > 04-92-07-67-07 > > > > > > > > > > > -- Vincent Repain INSA de Rennes Centre de ressources informatiques 02.23.23.83.31 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS******** End of Disclaimer ********INFOSYS*** -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
