Hi, I think you have to turn on subtreeSearch in your dnResolver bean,
like this:

        <bean id="dnResolver"
              class="org.ldaptive.auth.PooledSearchDnResolver"
              p:baseDn="${ldap.authn.baseDn}"
              p:allowMultipleDns="false"
              p:subtreeSearch="true"
              p:connectionFactory-ref="searchPooledLdapConnectionFactory"
              p:userFilter="${ldap.authn.searchFilter}" />

Hope this helps

2015-01-15 9:01 GMT+01:00 Yannick MOLINET <[email protected]>:

> Hi all,
>
> I'm working to authenticate users on an OpenLDAP server.
> My cas.properties looks like this:
>
> #========================================
> # Authentication
> #========================================
>
> # Base DN of users to be authenticated
> ldap.authn.baseDn=dc=domain,dc=local
>
> # Manager DN for authenticated searches
> ldap.authn.managerDN=cn=admin,dc=domain,dc=local
>
> # Manager password for authenticated searches
> ldap.authn.managerPassword=myadminpwd
>
> # Search filter used for configurations that require searching for DNs
> ldap.authn.searchFilter=(uid={user})
>
> # Search filter used for configurations that require searching for DNs
> ldap.authn.format=%s
> ldap.baseDn=dc=domain,dc=local
>
>
> ldap.trustedCert=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem
>
> But when I try to authenticate, it's not working.
>
> 1. Which password encryption does CAS expect (the default is md5 in
> OpenLDAP)?
> 2. In the debug log, I can see « searchScope=ONELEVEL », but some users are in
> a sub OU, so how can I change the search scope?
>
> My log (catalina.out) :
>
> 2015-01-15 00:13:39,797 DEBUG [org.ldaptive.SearchOperation] - <execute
> request=[org.ldaptive.SearchRequest@1343718622::baseDn=dc=domain,dc=local,
> searchFilter=[org.ldaptive.SearchFilter@-286922140::filter=(uid={user}),
> parameters={[email protected]}], returnAttributes=[1.1],
> searchScope=ONELEVEL, timeLimit=0, sizeLimit=0, derefAliases=null,
> typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED,
> searchEntryHandlers=null, searchReferenceHandlers=null, controls=null,
> followReferrals=false, intermediateResponseHandlers=null] with
> connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@78993229
> ::config=[org.ldaptive.ConnectionConfig@1828438737::ldapUrl=ldap://
> 10.0.18.12, connectTimeout=3000, responseTimeout=-1,
> sslConfig=[org.ldaptive.ssl.SslConfig@78864189
> ::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-762247154::trustCertificates=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem,
> authenticationCertificate=null, authenticationKey=null],
> trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
> handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
> connectionInitializer=null],
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@879346250::connectionCount=1,
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@189965096::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
> tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
> PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
> controlProcessor=org.ldaptive.provider.ControlProcessor@5e559ce6]],
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@46aff06c]>
>
> 2015-01-15 00:13:39,800 DEBUG [org.ldaptive.SearchOperation] - <execute
> response=[org.ldaptive.Response@1702839416::result=[[]],
> resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null,
> referralURLs=null, messageId=-1] for
> request=[org.ldaptive.SearchRequest@1343718622::baseDn=dc=domain,dc=local,
> searchFilter=[org.ldaptive.SearchFilter@-286922140::filter=(uid={user}),
> parameters={[email protected]}], returnAttributes=[1.1],
> searchScope=ONELEVEL, timeLimit=0, sizeLimit=0, derefAliases=null,
> typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED,
> searchEntryHandlers=null, searchReferenceHandlers=null, controls=null,
> followReferrals=false, intermediateResponseHandlers=null] with
> connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@78993229
> ::config=[org.ldaptive.ConnectionConfig@1828438737::ldapUrl=ldap://
> 10.0.18.12, connectTimeout=3000, responseTimeout=-1,
> sslConfig=[org.ldaptive.ssl.SslConfig@78864189
> ::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-762247154::trustCertificates=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem,
> authenticationCertificate=null, authenticationKey=null],
> trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
> handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
> connectionInitializer=null],
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@879346250::connectionCount=1,
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@189965096::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
> tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
> PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
> controlProcessor=org.ldaptive.provider.ControlProcessor@5e559ce6]],
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@46aff06c]>
>
> 2015-01-15 00:13:39,800 INFO [org.ldaptive.auth.PooledSearchDnResolver] -
> <search for [email protected] failed using
> filter=[org.ldaptive.SearchFilter@-286922140::filter=(uid={user}),
> parameters={[email protected]}]>
>
> 2015-01-15 00:13:39,800 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
> <resolved dn=null for [email protected]>
>
> 2015-01-15 00:13:39,800 DEBUG [org.ldaptive.auth.Authenticator] -
> <authenticate dn=null with
> request=[org.ldaptive.auth.AuthenticationRequest@107501143::user=
> [email protected], retAttrs=[]]>
>
> 2015-01-15 00:13:39,800 DEBUG
> [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response:
> [org.ldaptive.auth.AuthenticationResponse@737963274::authenticationResultCode=DN_RESOLUTION_FAILURE,
> ldapEntry=null, accountState=null, result=false, resultCode=null,
> message=DN cannot be null, controls=null]>
>
> 2015-01-15 00:13:39,800 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> <LdapAuthenticationHandler failed authenticating
> [email protected]+password>
>
> Thanks for help,
> Yannick
>
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>


-- 
Armando Martins
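To make the scope question concrete, here is a small model of what a search-based DN resolver does with the three LDAP scopes, written for this thread as an illustration; it is not ldaptive or CAS code. The directory entries, the base DN and the user names are constructed sample data; the filter escaping follows RFC 4515 as a stand-in for what ldaptive applies to the {user} parameter, and the "multiple DNs" rejection mirrors what allowMultipleDns="false" is meant to enforce once a subtree search can reach several OUs.

```python
import re

BASE_DN = "dc=domain,dc=local"

# Constructed sample directory (dn -> attributes); not taken from the thread.
# bob sits two OUs deep, alice exists twice under different OUs.
DIRECTORY = {
    "ou=people,dc=domain,dc=local": {"ou": "people"},
    "uid=carol,dc=domain,dc=local": {"uid": "carol"},
    "uid=alice,ou=people,dc=domain,dc=local": {"uid": "alice"},
    "uid=bob,ou=staff,ou=people,dc=domain,dc=local": {"uid": "bob"},
    "uid=alice,ou=contractors,dc=domain,dc=local": {"uid": "alice"},
}


def dn_components(dn):
    # The sample DNs contain no escaped commas, so a plain split is enough here.
    return [c.strip() for c in dn.split(",")]


def depth_below(dn, base_dn):
    """Number of RDNs dn sits below base_dn, or None if dn is outside base_dn."""
    d, b = dn_components(dn), dn_components(base_dn)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return None
    return len(d) - len(b)


def in_scope(dn, base_dn, scope):
    """LDAP scope semantics: BASE = the base entry only, ONELEVEL = direct
    children only, SUBTREE = base and every descendant."""
    depth = depth_below(dn, base_dn)
    if depth is None:
        return False
    if scope == "BASE":
        return depth == 0
    if scope == "ONELEVEL":
        return depth == 1
    if scope == "SUBTREE":
        return True
    raise ValueError("unknown scope " + scope)


def escape_filter_value(value):
    """RFC 4515 escaping of an assertion value, so user input cannot act as
    filter syntax (assumed to mirror what ldaptive does for {user})."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def render_filter(template, user):
    return template.replace("{user}", escape_filter_value(user))


FILTER_RE = re.compile(r"^\((?P<attr>[A-Za-z][\w-]*)=(?P<value>.*)\)$")


def filter_to_regex(value):
    """Assertion value -> regex: a bare '*' is a wildcard, '\\xx' is a literal."""
    parts, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch == "*":
            parts.append(".*")
            i += 1
        elif ch == "\\" and i + 3 <= len(value):
            parts.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
            i += 3
        else:
            parts.append(re.escape(ch))
            i += 1
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def entry_matches(attrs, ldap_filter):
    """Only the simple equality filter used in the thread, (attr=value), is modelled."""
    m = FILTER_RE.match(ldap_filter)
    if not m:
        raise ValueError("unsupported filter: " + ldap_filter)
    attr_value = attrs.get(m.group("attr").lower())
    return attr_value is not None and filter_to_regex(m.group("value")).match(attr_value) is not None


def resolve_dn(user, scope="ONELEVEL", allow_multiple_dns=False,
               base_dn=BASE_DN, filter_template="(uid={user})", directory=DIRECTORY):
    """Return the matched DN; None when nothing matches (the DN_RESOLUTION_FAILURE
    case in the log); raise when several DNs match and multiple DNs are not allowed."""
    ldap_filter = render_filter(filter_template, user)
    hits = [dn for dn, attrs in directory.items()
            if in_scope(dn, base_dn, scope) and entry_matches(attrs, ldap_filter)]
    if not hits:
        return None
    if len(hits) > 1 and not allow_multiple_dns:
        raise ValueError("multiple DNs matched %s: %s" % (ldap_filter, hits))
    return hits[0]


if __name__ == "__main__":
    print("bob, ONELEVEL:", resolve_dn("bob", "ONELEVEL"))   # None: two OUs deep
    print("bob, SUBTREE: ", resolve_dn("bob", "SUBTREE"))    # found
    print("carol, ONELEVEL:", resolve_dn("carol", "ONELEVEL"))  # direct child: found
```

With ONELEVEL, only entries directly under the base DN are candidates, which is why a user in a sub OU produces resolved dn=null and DN_RESOLUTION_FAILURE even though the entry exists. Widening to SUBTREE makes the whole tree searchable, and that is exactly when allowMultipleDns="false" earns its keep: a uid that appears under two OUs is rejected instead of silently binding as whichever entry came back first.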
