Would you be able to turn on DEBUG in your logs?
From: Christopher Sterling [mailto:cwsterl...@georgiasouthern.edu]
Sent: Monday, August 25, 2014 2:06 PM
To: cas-user@lists.jasig.org
Subject: [cas-user] Help configuring LPPE in CAS 3.5.2.1

So,

We need some help trying to configure the LPPE module in CAS 3.5.2.1 and I'm wondering if I can get some help.

We followed the directions here: https://wiki.jasig.org/pages/viewpage.action?pageId=26149328

Our pom.xml file: http://ss.chrissterling.me/2014-08-25_1650.png

In the deployerConfigContext.xml file, we added the <ref bean="lppeEnabledLdapAuthenticationHandler" />: http://ss.chrissterling.me/2014-08-25_1653.png

For the lppe-configuration file, we took the one in WEB-INF/unused-spring-configuration/lppe-configuration.xml and moved it to WEB-INF/spring-configuration/lppe-configuration.xml

In lppe-configuration.xml, we added the error code block to the following code:

    <bean id="lppeEnabledLdapAuthenticationHandler"
          class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
          p:filter="${ldap.authentication.filter}"
          p:searchBase="${ldap.authentication.basedn}"
          p:contextSource-ref="contextSource"
          p:searchContextSource-ref="pooledContextSource"
          p:ignorePartialResultException="${ldap.authentication.ignorePartialResultException}">
        <property name="ldapErrorDefinitions">
            <list>
                <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 530" p:type="badHours" />
                <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 533" p:type="accountDisabled" />
                <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 773" p:type="mustChangePassword" />
                <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 775" p:type="accountLocked" />
                <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 531" p:type="badWorkstation" />
                <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data (701|532)" p:type="passwordExpired" />
            </list>
        </property>
    </bean>

In the cas.properties we have the following settings: http://ss.chrissterling.me/2014-08-25_1655.png

In the login-webflow.xml we put this in there: http://ss.chrissterling.me/2014-08-25_1658.png

We haven't done the second replace, but will if suggested.

When a user with an expired password tries to log in, they get the following message:

    The credentials you provided cannot be determined to be authentic.

And in the Tomcat log, we get the following:

    2014-08-25 14:14:59,317 INFO [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <Failed to authenticate user cs02357 with error [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1]>
    2014-08-25 14:14:59,317 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed authenticating [username: cs02357]>
    2014-08-25 14:14:59,318 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
    =============================================================
    WHO: [username: cs02357]
    WHAT: supplied credentials: [username: cs02357]
    ACTION: AUTHENTICATION_FAILED
    APPLICATION: CAS
    WHEN: Mon Aug 25 14:14:59 EDT 2014
    CLIENT IP ADDRESS: 141.165.2.185
    SERVER IP ADDRESS: 141.165.6.22
    =============================================================
    >

Now, I did notice, in our log, we do have these NUL values coming back as well: http://ss.chrissterling.me/2014-08-25_1704.png (note the arrows)

Does anybody have any suggestions as to what we can do to see if we can get this fixed and working? Do you guys need anything else from me in the way of debugging?
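The pattern-to-type mapping from the ldapErrorDefinitions list above, run over the handler's log line from the message, as an added example that is not part of the original thread or of CAS itself. It assumes each ldapPattern is applied as an unanchored regular-expression search over the LDAP error text; the function names are hypothetical and the second log line is constructed.

```python
import re

# (ldapPattern, type) pairs copied from the ldapErrorDefinitions list in the message.
LDAP_ERROR_DEFINITIONS = [
    ("data 530", "badHours"),
    ("data 533", "accountDisabled"),
    ("data 773", "mustChangePassword"),
    ("data 775", "accountLocked"),
    ("data 531", "badWorkstation"),
    ("data (701|532)", "passwordExpired"),
]

# Handler log entry from the message (nested-exception repeat left out).
SAMPLE_LOG = (
    "2014-08-25 14:14:59,317 INFO "
    "[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - "
    "<Failed to authenticate user cs02357 with error [LDAP: error code 49 - "
    "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, "
    "data 773, v1db1]>"
)

# Constructed line: same shape, but a data subcode that is not in the list.
CONSTRUCTED_LOG = SAMPLE_LOG.replace("data 773", "data 52e")

# Result code plus the directory's "data" subcode (hex digits, e.g. 52e).
BIND_ERROR = re.compile(
    r"LDAP: error code (\d+) - .*?AcceptSecurityContext error, data ([0-9a-fA-F]+)"
)


def classify(message):
    """Return the type of the first definition found in message, else None.

    Assumption: unanchored search, first match in list order wins.
    """
    for pattern, error_type in LDAP_ERROR_DEFINITIONS:
        if re.search(pattern, message):
            return error_type
    return None


def parse_bind_failure(line):
    """Extract result code and data subcode from a bind-failure log line."""
    match = BIND_ERROR.search(line)
    if match is None:
        return None  # not an AcceptSecurityContext bind failure
    return {
        "result_code": int(match.group(1)),
        "data": match.group(2),
        "type": classify(match.group(0)),
    }


if __name__ == "__main__":
    for entry in (SAMPLE_LOG, CONSTRUCTED_LOG):
        print(parse_bind_failure(entry))
```

With the list as configured, the logged "data 773" falls under mustChangePassword rather than passwordExpired, and a subcode with no definition comes back with no type.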