Hi all,
I'm working to authenticate users on an OpenLDAP server.
My cas.properties looks like:
#========================================
# Authentication
#========================================
# Base DN of users to be authenticated
ldap.authn.baseDn=dc=domain,dc=local
# Manager DN for authenticated searches
ldap.authn.managerDN=cn=admin,dc=domain,dc=local
# Manager password for authenticated searches
ldap.authn.managerPassword=myadminpwd
# Search filter used for configurations that require searching for DNs
ldap.authn.searchFilter=(uid={user})
# Search filter used for configurations that require searching for DNs
ldap.authn.format=%s
ldap.baseDn=dc=domain,dc=local
ldap.trustedCert=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem
But when I try to authenticate, it doesn't work.
1. Which password encryption does CAS expect (the default is MD5 in OpenLDAP)?
2. In the debug log I can see « searchScope=ONELEVEL », but some users are in sub-OUs, so how can I change the search scope?
My log (catalina.out):
2015-01-15 00:13:39,797 DEBUG [org.ldaptive.SearchOperation] - <execute
request=[org.ldaptive.SearchRequest@1343718622::baseDn=dc=domain,dc=local,
searchFilter=[org.ldaptive.SearchFilter@-286922140::filter=(uid={user}),
parameters={[email protected]}], returnAttributes=[1.1],
searchScope=ONELEVEL, timeLimit=0, sizeLimit=0, derefAliases=null,
typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED,
searchEntryHandlers=null, searchReferenceHandlers=null, controls=null,
followReferrals=false, intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@78993229::config=[org.ldaptive.ConnectionConfig@1828438737::ldapUrl=ldap://10.0.18.12,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@78864189::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-762247154::trustCertificates=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@879346250::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@189965096::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@5e559ce6]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@46aff06c]>
2015-01-15 00:13:39,800 DEBUG [org.ldaptive.SearchOperation] - <execute
response=[org.ldaptive.Response@1702839416::result=[[]], resultCode=SUCCESS,
message=null, matchedDn=null, responseControls=null, referralURLs=null,
messageId=-1] for
request=[org.ldaptive.SearchRequest@1343718622::baseDn=dc=domain,dc=local,
searchFilter=[org.ldaptive.SearchFilter@-286922140::filter=(uid={user}),
parameters={[email protected]}], returnAttributes=[1.1],
searchScope=ONELEVEL, timeLimit=0, sizeLimit=0, derefAliases=null,
typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED,
searchEntryHandlers=null, searchReferenceHandlers=null, controls=null,
followReferrals=false, intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@78993229::config=[org.ldaptive.ConnectionConfig@1828438737::ldapUrl=ldap://10.0.18.12,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@78864189::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-762247154::trustCertificates=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@879346250::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@189965096::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@5e559ce6]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@46aff06c]>
2015-01-15 00:13:39,800 INFO [org.ldaptive.auth.PooledSearchDnResolver] -
<search for [email protected] failed using
filter=[org.ldaptive.SearchFilter@-286922140::filter=(uid={user}),
parameters={[email protected]}]>
2015-01-15 00:13:39,800 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
<resolved dn=null for [email protected]>
2015-01-15 00:13:39,800 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate
dn=null with
request=[org.ldaptive.auth.AuthenticationRequest@107501143::[email protected],
retAttrs=[]]>
2015-01-15 00:13:39,800 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response:
[org.ldaptive.auth.AuthenticationResponse@737963274::authenticationResultCode=DN_RESOLUTION_FAILURE,
ldapEntry=null, accountState=null, result=false, resultCode=null, message=DN
cannot be null, controls=null]>
2015-01-15 00:13:39,800 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler failed authenticating
[email protected]+password>
Thanks for your help,
Yannick
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
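The dn=null / DN_RESOLUTION_FAILURE in the log above is what a (uid={user}) search rooted at the baseDn with searchScope=ONELEVEL returns when the user's entry sits in a sub-OU. The following added example (not from the mail, and not CAS or ldaptive code) models the three ldaptive search scopes over a constructed in-memory directory and shows the lookup succeeding only with SUBTREE; the entries and uids are invented.

```python
"""Model of LDAP search scopes applied to the DN-resolution step from the post.

Added example, not part of the original mail or of CAS/ldaptive. The directory
below is constructed; it mimics a user who lives in a sub-OU under the baseDn.
"""
from enum import Enum


class SearchScope(Enum):
    OBJECT = "OBJECT"        # the base entry only
    ONELEVEL = "ONELEVEL"    # immediate children of the base entry
    SUBTREE = "SUBTREE"      # the base entry and every descendant


def dn_components(dn):
    """Split a DN into its RDNs, most-specific first, normalised for comparison."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn is a candidate for a search rooted at base_dn."""
    entry, base = dn_components(entry_dn), dn_components(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False                      # not under the base at all
    depth = len(entry) - len(base)        # number of RDNs below the base
    if scope is SearchScope.OBJECT:
        return depth == 0
    if scope is SearchScope.ONELEVEL:
        return depth == 1
    return True                           # SUBTREE


def resolve_dn(directory, base_dn, scope, uid):
    """Mimic the (uid={user}) lookup; returns the DN, or None like the log's dn=null."""
    matches = [dn for dn, attrs in directory.items()
               if in_scope(dn, base_dn, scope) and attrs.get("uid") == uid]
    return matches[0] if len(matches) == 1 else None


# Constructed sample directory: one user directly under the base, one in a sub-OU.
DIRECTORY = {
    "uid=alice,dc=domain,dc=local": {"uid": "alice"},
    "ou=people,dc=domain,dc=local": {},
    "uid=bob,ou=people,dc=domain,dc=local": {"uid": "bob"},
}

if __name__ == "__main__":
    base = "dc=domain,dc=local"
    for scope in (SearchScope.ONELEVEL, SearchScope.SUBTREE):
        for uid in ("alice", "bob"):
            print(f"{scope.name:8} uid={uid}: dn={resolve_dn(DIRECTORY, base, scope, uid)}")
```

With ONELEVEL the lookup for bob returns None, which is exactly the "resolved dn=null" line in the log; with SUBTREE it returns his DN in ou=people.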