Daniel,

I've added the context component (along with the required namespace
declarations in the bean.) With this in place, I do see the correct LDAP
attribute queries on login, now I'll work on getting them mapped
appropriately for use by the principalIdAttribute.

So, as for the flow processing, after upping all ldaptive logs to DEBUG,
here's what I get:

2014-07-21 15:19:24,497 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
<resolve user=XXX>
2014-07-21 15:19:24,497 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
<searching for DN using userFilter>
2014-07-21 15:19:24,502 DEBUG [org.ldaptive.SearchOperation] - <execute
request=[org.ldaptive.SearchRequest@1203220811::baseDn=ou=people,dc=nau,dc=
edu, 
searchFilter=[org.ldaptive.SearchFilter@929944936::filter=(uid={user}),
parameters={user=XXX}], returnAttributes=[1.1], searchScope=ONELEVEL,
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false,
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, followReferrals=false,
intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1424734
650::config=[org.ldaptive.ConnectionConfig@1957604683::ldapUrl=ldap://ldap-
dev.nau.edu, connectTimeout=3000, responseTimeout=-1, sslConfig=null,
useSSL=false, useStartTLS=false,
connectionInitializer=[org.ldaptive.BindConnectionInitializer@2012435141::b
indDn=ZZZ, bindSaslConfig=null, bindControls=null]],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory
@1185256582::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1287344051::o
perationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={},
connectionStrategy=DEFAULT, environment=null, tracePackets=null,
removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@1d6d9820]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@20ba0da6]>
2014-07-21 15:19:24,513 DEBUG [org.ldaptive.SearchOperation] - <execute
response=[org.ldaptive.Response@2146323139::result=[[[dn=YYY[],
responseControls=null, messageId=-1]]], resultCode=SUCCESS, message=null,
matchedDn=null, responseControls=null, referralURLs=null, messageId=-1]
for 
request=[org.ldaptive.SearchRequest@1203220811::baseDn=ou=people,dc=nau,dc=
edu, 
searchFilter=[org.ldaptive.SearchFilter@929944936::filter=(uid={user}),
parameters={user=XXX}], returnAttributes=[1.1], searchScope=ONELEVEL,
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false,
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, followReferrals=false,
intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1424734
650::config=[org.ldaptive.ConnectionConfig@1957604683::ldapUrl=ldap://ldap-
dev.nau.edu, connectTimeout=3000, responseTimeout=-1, sslConfig=null,
useSSL=false, useStartTLS=false,
connectionInitializer=[org.ldaptive.BindConnectionInitializer@2012435141::b
indDn=ZZZ, bindSaslConfig=null, bindControls=null]],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory
@1185256582::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1287344051::o
perationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={},
connectionStrategy=DEFAULT, environment=null, tracePackets=null,
removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@1d6d9820]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@20ba0da6]>
2014-07-21 15:19:24,513 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
<resolved dn=YYY for user=XXX>
2014-07-21 15:19:24,514 DEBUG [org.ldaptive.auth.Authenticator] -
<authenticate dn=YYY with
request=[org.ldaptive.auth.AuthenticationRequest@739931705::user=XXX,
retAttrs=[uid, uid]]>
2014-07-21 15:19:24,514 DEBUG
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
criteria=[org.ldaptive.auth.AuthenticationCriteria@2101849805::dn=YYY,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@739931705::u
ser=XXX, retAttrs=[uid, uid]]]>
2014-07-21 15:19:24,516 DEBUG [org.ldaptive.BindOperation] - <execute
request=[org.ldaptive.BindRequest@770614367::bindDn=YYY, saslConfig=null,
controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticali
ty=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]]]
with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1456920
262::config=[org.ldaptive.ConnectionConfig@95069304::ldapUrl=ldap://ldap-de
v.nau.edu, connectTimeout=3000, responseTimeout=-1, sslConfig=null,
useSSL=false, useStartTLS=false, connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory
@1394578295::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1040880707::o
perationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={},
connectionStrategy=DEFAULT, environment=null, tracePackets=null,
removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@288bda87]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@75b7e9dc]>
2014-07-21 15:19:24,549 DEBUG [org.ldaptive.BindOperation] - <execute
response=[org.ldaptive.Response@1416746354::result=null,
resultCode=SUCCESS, message=null, matchedDn=null,
responseControls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::c
riticality=false, timeBeforeExpiration=0, graceAuthNsRemaining=0,
error=null]], referralURLs=null, messageId=-1] for
request=[org.ldaptive.BindRequest@770614367::bindDn=YYY, saslConfig=null,
controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticali
ty=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]]]
with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1456920
262::config=[org.ldaptive.ConnectionConfig@95069304::ldapUrl=ldap://ldap-de
v.nau.edu, connectTimeout=3000, responseTimeout=-1, sslConfig=null,
useSSL=false, useStartTLS=false, connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory
@1394578295::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1040880707::o
perationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={},
connectionStrategy=DEFAULT, environment=null, tracePackets=null,
removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@288bda87]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@75b7e9dc]>
2014-07-21 15:19:24,553 DEBUG
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
response=[org.ldaptive.auth.AuthenticationHandlerResponse@2104777389::conne
ction=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1456920262::
config=[org.ldaptive.ConnectionConfig@95069304::ldapUrl=ldap://ldap-dev.nau
.edu, connectTimeout=3000, responseTimeout=-1, sslConfig=null,
useSSL=false, useStartTLS=false, connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory
@1394578295::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1040880707::o
perationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={},
connectionStrategy=DEFAULT, environment=null, tracePackets=null,
removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@288bda87]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@75b7e9dc],
result=true, resultCode=SUCCESS, message=null,
controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticali
ty=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]]]
for criteria=[org.ldaptive.auth.AuthenticationCriteria@2101849805::dn=YYY,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@739931705::u
ser=XXX, retAttrs=[uid, uid]]]>
2014-07-21 15:19:24,555 DEBUG [org.ldaptive.auth.SearchEntryResolver] -
<resolve 
criteria=[org.ldaptive.auth.AuthenticationCriteria@2101849805::dn=YYY,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@739931705::u
ser=XXX, retAttrs=[uid, uid]]]>
2014-07-21 15:19:24,557 DEBUG [org.ldaptive.SearchOperation] - <execute
request=[org.ldaptive.SearchRequest@2076597896::baseDn=YYY,
searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*),
 parameters={}], returnAttributes=[uid, uid], searchScope=OBJECT,
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false,
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, followReferrals=false,
intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1456920
262::config=[org.ldaptive.ConnectionConfig@95069304::ldapUrl=ldap://ldap-de
v.nau.edu, connectTimeout=3000, responseTimeout=-1, sslConfig=null,
useSSL=false, useStartTLS=false, connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory
@1394578295::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1040880707::o
perationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={},
connectionStrategy=DEFAULT, environment=null, tracePackets=null,
removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@288bda87]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@75b7e9dc]>
2014-07-21 15:19:24,588 DEBUG [org.ldaptive.SearchOperation] - <execute
response=[org.ldaptive.Response@2065698242::result=[[[dn=YYY[[uid[XXX]]],
responseControls=null, messageId=-1]]], resultCode=SUCCESS, message=null,
matchedDn=null, responseControls=null, referralURLs=null, messageId=-1]
for request=[org.ldaptive.SearchRequest@2076597896::baseDn=YYY,
searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*),
 parameters={}], returnAttributes=[uid, uid], searchScope=OBJECT,
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false,
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, followReferrals=false,
intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1456920
262::config=[org.ldaptive.ConnectionConfig@95069304::ldapUrl=ldap://ldap-de
v.nau.edu, connectTimeout=3000, responseTimeout=-1, sslConfig=null,
useSSL=false, useStartTLS=false, connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory
@1394578295::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1040880707::o
perationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={},
connectionStrategy=DEFAULT, environment=null, tracePackets=null,
removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@288bda87]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@75b7e9dc]>
2014-07-21 15:19:24,589 DEBUG [org.ldaptive.auth.SearchEntryResolver] -
<resolved result=[[[dn=YYY[[uid[XXX]]], responseControls=null,
messageId=-1]]] for
criteria=[org.ldaptive.auth.AuthenticationCriteria@2101849805::dn=YYY,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@739931705::u
ser=XXX, retAttrs=[uid, uid]]]>
2014-07-21 15:19:24,589 INFO [org.ldaptive.auth.Authenticator] -
<Authentication succeeded for dn: YYY>
2014-07-21 15:19:24,593 DEBUG [org.ldaptive.auth.Authenticator] -
<authenticate 
response=[org.ldaptive.auth.AuthenticationHandlerResponse@2104777389::conne
ction=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1456920262::
config=[org.ldaptive.ConnectionConfig@95069304::ldapUrl=ldap://ldap-dev.nau
.edu, connectTimeout=3000, responseTimeout=-1, sslConfig=null,
useSSL=false, useStartTLS=false, connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory
@1394578295::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1040880707::o
perationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={},
connectionStrategy=DEFAULT, environment=null, tracePackets=null,
removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@288bda87]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@75b7e9dc],
result=true, resultCode=SUCCESS, message=null,
controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticali
ty=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]]]
for dn=YYY with 
request=[org.ldaptive.auth.AuthenticationRequest@739931705::user=XXX,
retAttrs=[uid, uid]]>
2014-07-21 15:19:24,600 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler successfully authenticated XXX+password>
2014-07-21 15:19:24,604 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<Authenticated XXX with credentials [XXX+password].>
2014-07-21 15:19:24,912 DEBUG
[org.jasig.cas.web.flow.TerminateWebSessionListener] - <Terminate web
session 86222065E6FB9BFCBEFB8E7FFDD18BFE in 2 seconds>

Thanks much in advance for any info.
--
Raymond Walker
Software Systems Engineer StSp.
ITS - Northern Arizona University



On 7/21/14, 11:25 AM, "Daniel Fisher" <[email protected]> wrote:

>On Mon, Jul 21, 2014 at 1:15 PM, Raymond Drew Walker <[email protected]>
>wrote:
>> 
>>controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::critica
>>li
>> ty=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]]]
>
>There's the control, but it doesn't look like it was parsed correctly.
>Can you turn the ldaptive logging up to trace and repost this log?
>
>>
>> I'm not seeing anything here related to determining the password
>> expiration time for the user, nor am I seeing any webflow shift to
>> display warning for this user, even though their password is not expired.
>> Any ideas?
>
>The account state isn't being set, which is what I believe drives the
>flow changes.
>Let's figure out what is happening with the ppolicy stuff first.
>
>> Also, the scrubbed portion of this shows a large number of returned
>> attributes, is it possible to retrieve one of these (uid) to replace the
>> principalID? This may be off topic, as I've started another thread about
>> this.
>
>Add this:
><context:component-scan base-package="org.jasig.cas.authentication" />
>to your deploy config.
>
>--Daniel Fisher
>
>-- 
>You are currently subscribed to [email protected] as:
>[email protected]
>To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
>
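
A triage sketch for the kind of log posted above, added here as an example and not part of the original thread or of ldaptive/CAS: it re-joins the mail-wrapped lines into records and reports the password policy response control on each bind response. The function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample, shortened from the log above and wrapped the same way.
SAMPLE = """\
2014-07-21 15:19:24,514 DEBUG
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
criteria=[dn=YYY]>
2014-07-21 15:19:24,549 DEBUG [org.ldaptive.BindOperation] - <execute
response=[org.ldaptive.Response@1::result=null,
resultCode=SUCCESS, message=null, matchedDn=null,
responseControls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::c
riticality=false, timeBeforeExpiration=0, graceAuthNsRemaining=0,
error=null]], referralURLs=null, messageId=-1] for
request=[org.ldaptive.BindRequest@2::bindDn=YYY, saslConfig=null]>
"""

START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
RECORD = re.compile(r"^(\S+ \S+) ([A-Z]+)\s*\[([\w.$]+)\]\s*-\s*<(.*)>$")
PPOLICY = re.compile(
    r"responseControls=\[\[org\.ldaptive\.control\.PasswordPolicyControl@-?\d+::"
    r"criticality=(\w+),\s*timeBeforeExpiration=(\d+),"
    r"\s*graceAuthNsRemaining=(\d+),\s*error=(\w+)\]\]")

def parse_records(text):
    """Re-join mail-wrapped lines into one dict per log record."""
    chunks = []
    for line in text.splitlines():
        if START.match(line) or not chunks:
            chunks.append(line)
        else:
            chunks[-1] += line  # wraps can fall mid-token, so no separator
    matches = (RECORD.match(c) for c in chunks)
    return [dict(zip(("ts", "level", "logger", "body"), m.groups()))
            for m in matches if m]

def bind_ppolicy(records):
    """Summarise the password policy response control of each bind response."""
    out = []
    for r in records:
        ctl = PPOLICY.search(r["body"])
        code = re.search(r"resultCode=(\w+)", r["body"])
        if r["logger"] != "org.ldaptive.BindOperation" or not (ctl and code):
            continue
        _, tbe, grace, err = ctl.groups()
        out.append({"ts": r["ts"], "resultCode": code.group(1),
                    "timeBeforeExpiration": int(tbe),
                    "graceAuthNsRemaining": int(grace), "error": err,
                    "carries_state": (tbe, grace, err) != ("0", "0", "null")})
    return out
```

`bind_ppolicy(parse_records(SAMPLE))` returns one entry whose `carries_state` is `False`, i.e. the bind succeeded and the response control holds no expiration, grace-login or error value.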

