Yep, got DEBUG turned on. What exactly should I be looking for? It's ~4100 
lines. I can put it on pastebin if needed. 

I did find this when looking through the log.

2014-08-26 09:32:48,278 DEBUG 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <Performing 
LDAP bind with credential: CN=Christopher Wyatt 
Sterling,OU=Students,DC=ad,DC=georgiasouthern,DC=edu>
2014-08-26 09:32:48,536 INFO 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <Failed to 
authenticate user cs02357 with error [LDAP: error code 49 - 80090308: 
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 
v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP: 
error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
AcceptSecurityContext error, data 773, v1db1 ]>
2014-08-26 09:32:48,536 DEBUG 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <*No error 
definitions are defined*. Throwing error [LDAP: error code 49 - 80090308: 
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 
v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP: 
error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
AcceptSecurityContext error, data 773, v1db1 ]>



On Tuesday, August 26, 2014 2:31:12 AM UTC-4, Misagh Moayyed wrote:
>
> Would you be able to turn on DEBUG in your logs? 
>
>  
>
> *From:* Christopher Sterling [mailto:cwste...@georgiasouthern.edu] 
> *Sent:* Monday, August 25, 2014 2:06 PM
> *To:* cas-...@lists.jasig.org
> *Subject:* [cas-user] Help configuring LPPE in CAS 3.5.2.1
>
>  
>
> So, we need some help trying to configure the LPPE module in CAS 3.5.2.1 
> and I'm wondering if I can get some help.
>
>  
>
> We followed the directions here: 
> https://wiki.jasig.org/pages/viewpage.action?pageId=26149328
>
>  
>
> Our pom.xml file: http://ss.chrissterling.me/2014-08-25_1650.png
>
>  
>
> In the deployerConfigContext.xml file, we added the 
> <ref bean="lppeEnabledLdapAuthenticationHandler" />: 
> http://ss.chrissterling.me/2014-08-25_1653.png
>
>  
>
> For the lppe-configuration file, we took the one in the 
> WEB-INF/unused-spring-configuration/lppe-configuration.xml and moved it to 
> WEB-INF/spring-configuration/lppe-configuration.xml
>
>  
>
> In lppe-configuration.xml, we added the error code block to the following 
> code:
>
>  
>
> <bean id="lppeEnabledLdapAuthenticationHandler"
>       class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>       p:filter="${ldap.authentication.filter}"
>       p:searchBase="${ldap.authentication.basedn}"
>       p:contextSource-ref="contextSource"
>       p:searchContextSource-ref="pooledContextSource"
>       p:ignorePartialResultException="${ldap.authentication.ignorePartialResultException}">
>     <property name="ldapErrorDefinitions">
>         <list>
>             <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>                   p:ldapPattern="data 530"
>                   p:type="badHours" />
>
>             <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>                   p:ldapPattern="data 533"
>                   p:type="accountDisabled" />
>
>             <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>                   p:ldapPattern="data 773"
>                   p:type="mustChangePassword" />
>
>             <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>                   p:ldapPattern="data 775"
>                   p:type="accountLocked" />
>
>             <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>                   p:ldapPattern="data 531"
>                   p:type="badWorkstation" />
>
>             <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>                   p:ldapPattern="data (701|532)"
>                   p:type="passwordExpired" />
>         </list>
>     </property>
> </bean>
>
>
> In the cas.properties we have the following settings: 
> http://ss.chrissterling.me/2014-08-25_1655.png
>
>  
>
> In the login-webflow.xml we put this in there: 
> http://ss.chrissterling.me/2014-08-25_1658.png
>
>  
>
> We haven't done the second replace, but will if suggested.
>
>  
>
> When a user with an expired password tries to login, they get the 
> following message: The credentials you provided cannot be determined to be 
> authentic.
>
>  
>
> And in the tomcat log, we get the following:
>
>  
>
> 2014-08-25 14:14:59,317 INFO 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <Failed to 
> authenticate user cs02357 with error [LDAP: error code 49 - 80090308: 
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 
> v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: 
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
> AcceptSecurityContext error, data 773, v1db1]>
>
> 2014-08-25 14:14:59,317 INFO 
> [org.jasig.cas.authentication.AuthenticationManagerImpl] - 
> <org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed 
> authenticating [username: cs02357]>
>
> 2014-08-25 14:14:59,318 INFO 
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
> trail record BEGIN
>
> =============================================================
>
> WHO: [username: cs02357]
>
> WHAT: supplied credentials: [username: cs02357]
>
> ACTION: AUTHENTICATION_FAILED
>
> APPLICATION: CAS
>
> WHEN: Mon Aug 25 14:14:59 EDT 2014
>
> CLIENT IP ADDRESS: 141.165.2.185
>
> SERVER IP ADDRESS: 141.165.6.22
>
> =============================================================
>
>  
>
> > 
>
>  
>
> Now, I did notice, in our log, we do have these NUL values coming back as 
> well: http://ss.chrissterling.me/2014-08-25_1704.png (note the arrows)
>
>  
>
> Does anybody have any suggestions as to what we can do to see if we can 
> get this fixed and working? Do you guys need anything else from me in the 
> way of debugging?
>
>  
>
>  
>
> -- 
>
> You are currently subscribed to cas-...@lists.jasig.org as: 
> mmoa...@unicon.net
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
>
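Added example, not part of the original thread or of CAS itself: a Python log-triage script that re-joins wrapped log entries, maps the Active Directory "data NNN" sub-code of each failed bind using the patterns from the quoted lppe-configuration.xml, and notes when the handler also logged "No error definitions are defined". The sample log is constructed (placeholder users, abridged error text), and the names records and triage are hypothetical helpers.

```python
import re

# Patterns and types copied from the ldapErrorDefinitions list quoted in the post.
ERROR_DEFINITIONS = [
    ("data 530", "badHours"), ("data 533", "accountDisabled"),
    ("data 773", "mustChangePassword"), ("data 775", "accountLocked"),
    ("data 531", "badWorkstation"), ("data (701|532)", "passwordExpired"),
]
TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
FAILED = re.compile(r"Failed to authenticate user (\S+) with error \[(LDAP: error code 49[^\]]*)\]")
NO_DEFS = "No error definitions are defined"

# Constructed sample modelled on the entries in the post (placeholder users,
# abridged errors), wrapped mid-entry the way the mail client wrapped the log.
SAMPLE_LOG = """\
2014-08-26 09:32:48,536 INFO [BindLdapAuthenticationHandler] - <Failed to
authenticate user user01 with error [LDAP: error code 49 - 80090308: LdapErr:
DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1 ]>
2014-08-26 09:32:48,536 DEBUG [BindLdapAuthenticationHandler] - <No error
definitions are defined. Throwing error [LDAP: error code 49 - ... data 773, v1db1 ]>
2014-08-26 09:40:02,114 INFO [BindLdapAuthenticationHandler] - <Failed to
authenticate user user02 with error [LDAP: error code 49 - ... data 52e, v1db1 ]>
"""

def records(log_text):
    """Re-join log entries that were wrapped across several lines."""
    current = []
    for line in log_text.splitlines():
        if TS.match(line) and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def triage(log_text):
    """One finding per failed bind: user, type the patterns map to, handler note."""
    findings = []
    for rec in records(log_text):
        m = FAILED.search(rec)
        if m:
            user, error = m.groups()
            kind = next((t for p, t in ERROR_DEFINITIONS if re.search(p, error)), None)
            findings.append({"user": user, "expected_type": kind, "no_definitions": False})
        elif NO_DEFS in rec and findings:
            findings[-1]["no_definitions"] = True
    return findings

if __name__ == "__main__": print(triage(SAMPLE_LOG))
```

A finding with an expected type and no_definitions set to True is the situation shown in the thread: the configured patterns would match "data 773", yet the handler logged that it had no definitions to match against.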