On 19/09/15 at 18:55, Misagh Moayyed wrote:
>
> OK, that’s all correct. Then, the only other possibility is, the ldap
> authentication does not return that attribute for you. The LDAP entry
> that is retrieved has an empty collection of attributes.
>
If I run the command on the command shell, the uid attribute is returned
correctly. This is even more odd since the same configuration was
working on my CAS 4.0.4 instance, so I doubt it has anything to do with
the LDAP entry.
# ldapsearch -x -D 'uid=myuser,cn=...,dc=...,dc=...' -b cn=...,dc=...,dc=... -W uid=myuser uid
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=...,dc=...,dc=...> with scope subtree
# filter: uid=myuser
# requesting: uid
#
# myuser, ..., ... . ...
dn: uid=myuser,cn=...,dc=...,dc=...
uid: myuser
# search result
search: 2
result: 0 Success
> Does your configuration have the following?
>
> <context:component-scan base-package="org.jasig.cas" />
>
> <context:annotation-config />
>
Yes, I have that defined in the cas-servlet.xml file.
> These should configure the handler to retrieve the principal
> attributes. If you do have this, the other explanation is that LDAP is
> not returning attributes for your user.
>
It is. Additionally, I have this rule in the LDAP configuration, so I
think it should be returning all attributes for that user:
olcAccess: {0}to * by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by self write by * read
> *From:*Nicolás [mailto:[email protected]]
> *Sent:* Saturday, September 19, 2015 10:08 AM
> *To:* [email protected]
> *Subject:* Re: [cas-user] LDAP authentication succeeded but CAS says
> it's not
>
> Could you explain a bit further what that means in practice? I
> have the ldapAuthenticationHandler defined this way (exactly as shown
> in the documentation):
>
> <bean id="ldapAuthenticationHandler"
> class="org.jasig.cas.authentication.LdapAuthenticationHandler"
> p:principalIdAttribute="uid"
> c:authenticator-ref="authenticator">
> <property name="principalAttributeMap">
> <map>
> <entry key="uid" value="uid" />
> <entry key="member" value="member" />
> <entry key="mail" value="mail" />
> <entry key="displayName" value="displayName" />
> </map>
> </property>
> </bean>
>
> Is there something else missing so the handler can retrieve the uid
> attribute?
>
> Thanks.
>
> On 19/09/15 at 17:58, Misagh Moayyed wrote:
>
> You need to make sure the authentication handler is retrieving
> that attribute for you. Just because it’s in LDAP it doesn’t mean
> CAS will get it for you automatically.
>
> *From:*Nicolás [mailto:[email protected]]
> *Sent:* Saturday, September 19, 2015 8:35 AM
> *To:* [email protected]
> *Subject:* Re: [cas-user] LDAP authentication succeeded but CAS
> says it's not
>
> There it goes:
>
> 2015-09-19 16:28:42,603 DEBUG
> [org.jasig.cas.authentication.LdapAuthenticationHandler] -
> <Attempting LDAP authentication for myuser+password>
> 2015-09-19 16:28:42,604 DEBUG
> [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for
> myuser with uid=%s,cn=...,dc=...,dc=...>
> 2015-09-19 16:28:42,605 DEBUG
> [org.ldaptive.auth.Authenticator] - <authenticate
> dn=uid=myuser,cn=...,dc=...,dc=... with
>
> request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser,
> retAttrs=[1.1]]>
> 2015-09-19 16:28:42,605 DEBUG
> [org.ldaptive.auth.PooledBindAuthenticationHandler] -
> <authenticate
>
> criteria=[org.ldaptive.auth.AuthenticationCriteria@45829884::dn=uid=myuser,cn=...,dc=...,dc=...,
>
> authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser,
> retAttrs=[1.1]]]>
> 2015-09-19 16:28:42,607 DEBUG [org.ldaptive.BindOperation] -
> <execute
>
> request=[org.ldaptive.BindRequest@1463714762::bindDn=uid=myuser,cn=...,dc=...,dc=...,
> saslConfig=null, controls=null] with
>
> connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost,
> connectTimeout=3000, responseTimeout=-1, sslConfig=null,
> useSSL=false, useStartTLS=false, connectionInitializer=null],
>
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost,
> count=1],
>
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000,
> java.naming.ldap.version=3},
>
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
>
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7,
> controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
> SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
> hostnameVerifier=null]],
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c]>
> 2015-09-19 16:28:42,616 DEBUG [org.ldaptive.BindOperation] -
> <execute
> response=[org.ldaptive.Response@1228828549::result=null,
> resultCode=SUCCESS, message=null, matchedDn=null,
> responseControls=null, referralURLs=null, messageId=-1] for
>
> request=[org.ldaptive.BindRequest@1463714762::bindDn=uid=myuser,cn=...,dc=...,dc=...,
> saslConfig=null, controls=null] with
>
> connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost,
> connectTimeout=3000, responseTimeout=-1, sslConfig=null,
> useSSL=false, useStartTLS=false, connectionInitializer=null],
>
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost,
> count=1],
>
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000,
> java.naming.ldap.version=3},
>
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
>
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7,
> controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
> SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
> hostnameVerifier=null]],
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c]>
> 2015-09-19 16:28:42,618 DEBUG
> [org.ldaptive.auth.PooledBindAuthenticationHandler] -
> <authenticate
>
> response=[org.ldaptive.auth.AuthenticationHandlerResponse@571189844::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost,
> connectTimeout=3000, responseTimeout=-1, sslConfig=null,
> useSSL=false, useStartTLS=false, connectionInitializer=null],
>
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost,
> count=1],
>
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000,
> java.naming.ldap.version=3},
>
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
>
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7,
> controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
> SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
> hostnameVerifier=null]],
>
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c],
> result=true, resultCode=SUCCESS, message=null, controls=null]
> for
>
> criteria=[org.ldaptive.auth.AuthenticationCriteria@45829884::dn=uid=myuser,cn=...,dc=...,dc=...,
>
> authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser,
> retAttrs=[1.1]]]>
> 2015-09-19 16:28:42,619 INFO [org.ldaptive.auth.Authenticator]
> - <Authentication succeeded for dn:
> uid=myuser,cn=...,dc=...,dc=...>
> 2015-09-19 16:28:42,625 DEBUG
> [org.ldaptive.auth.Authenticator] - <authenticate
>
> response=[org.ldaptive.auth.AuthenticationHandlerResponse@571189844::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost,
> connectTimeout=3000, responseTimeout=-1, sslConfig=null,
> useSSL=false, useStartTLS=false, connectionInitializer=null],
>
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost,
> count=1],
>
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000,
> java.naming.ldap.version=3},
>
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
>
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7,
> controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
> SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
> hostnameVerifier=null]],
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c],
> result=true, resultCode=SUCCESS, message=null, controls=null]
> for dn=uid=myuser,cn=...,dc=...,dc=... with
>
> request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser,
> retAttrs=[1.1]]>
> 2015-09-19 16:28:42,626 DEBUG
> [org.jasig.cas.authentication.LdapAuthenticationHandler] -
> <LDAP response:
>
> [org.ldaptive.auth.AuthenticationResponse@735806018::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
> ldapEntry=[dn=uid=myuser,cn=...,dc=...,dc=...[]],
> accountState=null, result=true, resultCode=SUCCESS,
> message=null, controls=null]>
> 2015-09-19 16:28:42,627 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> <LdapAuthenticationHandler failed authenticating myuser+password>
> 2015-09-19 16:28:42,627 DEBUG
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> <LdapAuthenticationHandler exception details: uid attribute
> not found for myuser>
> 2015-09-19 16:28:42,628 DEBUG
> [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver]
> - <Resolving argument [UsernamePasswordCredential] for audit>
> 2015-09-19 16:28:42,637 INFO
> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> - <Audit trail record BEGIN
> =============================================================
> WHO: myuser+password
> WHAT: supplied credentials: [myuser+password]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Sat Sep 19 16:28:42 WEST 2015
> CLIENT IP ADDRESS: 192.168.1.111
> SERVER IP ADDRESS: 192.168.1.40
> =============================================================
>
> >
> 2015-09-19 16:28:42,639 DEBUG
> [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver]
> - <Resolving argument [UsernamePasswordCredential] for audit>
> 2015-09-19 16:28:42,640 INFO
> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> - <Audit trail record BEGIN
> =============================================================
> WHO: myuser+password
> WHAT: 1 errors, 0 successes
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Sat Sep 19 16:28:42 WEST 2015
> CLIENT IP ADDRESS: 192.168.1.111
> SERVER IP ADDRESS: 192.168.1.40
> =============================================================
>
> I noticed that now there's a line saying this:
>
> 2015-09-19 16:28:42,627 DEBUG
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> <LdapAuthenticationHandler exception details: uid attribute not
> found for myuser>
>
> However, this attribute is indeed present in the LDAP directory
> for that user and it's accessible by everyone:
>
> uid: myuser
>
> Thanks.
>
> On 19/09/15 at 15:38, Misagh Moayyed wrote:
>
> Change org.jasig.cas to DEBUG and report back please.
>
> *From:*Nicolás [mailto:[email protected]]
> *Sent:* Saturday, September 19, 2015 6:30 AM
> *To:* [email protected]
> *Subject:* [cas-user] LDAP authentication succeeded but CAS
> says it's not
>
> Hi,
>
> I'm having an issue configuring LDAP authentication on CAS
> 4.1.0. I must say I had this configuration working on 4.0.4
> but for some reason, even when successfully authenticating vs.
> LDAP, CAS says the credentials are not right.
>
> This is what I did:
>
> 1) deployerConfigContext.xml: Inside the authenticationManager
> bean, this is the map defined:
> <constructor-arg>
> <map>
> <entry key-ref="proxyAuthenticationHandler"
> value-ref="proxyPrincipalResolver" />
> <entry key-ref="ldapAuthenticationHandler"
> value="#{null}" />
> </map>
> </constructor-arg>
>
> 2) deployerConfigContext.xml: Copied and pasted the LDAP
> support direct bind
>
> (http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html#ldap-supporting-direct-bind)
> config, except that I removed the p:sslConfig-ref="sslConfig"
> part and the corresponding sslConfig bean, because I'm not
> using SSL over LDAP.
>
> 3) pom.xml: Added the corresponding dependency:
> <dependency>
> <groupId>org.jasig.cas</groupId>
> <artifactId>cas-server-support-ldap</artifactId>
> <version>${cas.version}</version>
> </dependency>
>
> 4) cas.properties: I customized any needed properties, as I
> had it in my 4.0.4 working configuration.
>
> Now, I access /cas and authenticate, and CAS says the
> credentials are not right. I had a look at the authentication
> log and I found the binding to be successful as far as LDAP goes
> as you can see here:
>
> Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND
> anonymous mech=implicit ssf=0
> Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND
> dn="uid=myuser,cn=...,dc=...,dc=..." method=128
> Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND
> dn="uid=myuser,cn=...,dc=...,dc=..." mech=SIMPLE ssf=0
> Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1
> RESULT tag=97 err=0 text=
>
> I decided to activate the debugging as mentioned in the
> Troubleshooting page of the LDAP configuration, and I see the
> following:
>
> 2015-09-19 14:07:15,636 DEBUG
> [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for
> myuser with uid=%s,cn=...,dc=...,dc=...>
> 2015-09-19 14:07:15,637 DEBUG
> [org.ldaptive.auth.Authenticator] - <authenticate
> dn=uid=myuser,cn=...,dc=...,dc=... with
>
> request=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser,
> retAttrs=[1.1]]>
> 2015-09-19 14:07:15,637 DEBUG
> [org.ldaptive.auth.PooledBindAuthenticationHandler] -
> <authenticate
>
> criteria=[org.ldaptive.auth.AuthenticationCriteria@1404709825::dn=uid=myuser,cn=...,dc=...,dc=...,
>
> authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser,
> retAttrs=[1.1]]]>
> 2015-09-19 14:07:15,639 DEBUG [org.ldaptive.BindOperation]
> - <execute
>
> request=[org.ldaptive.BindRequest@1670297304::bindDn=uid=myuser,cn=...,dc=...,dc=...,
> saslConfig=null, controls=null] with
>
> connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost,
> connectTimeout=3000, responseTimeout=-1, sslConfig=null,
> useSSL=false, useStartTLS=false,
> connectionInitializer=null],
>
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost,
> count=1],
>
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000,
> java.naming.ldap.version=3},
>
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
>
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2,
> controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
> SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS],
> sslSocketFactory=null, hostnameVerifier=null]],
>
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0]>
> 2015-09-19 14:07:15,643 DEBUG [org.ldaptive.BindOperation]
> - <execute
> response=[org.ldaptive.Response@1182007988::result=null,
> resultCode=SUCCESS, message=null, matchedDn=null,
> responseControls=null, referralURLs=null, messageId=-1]
> for
>
> request=[org.ldaptive.BindRequest@1670297304::bindDn=uid=myuser,cn=...,dc=...,dc=...,
> saslConfig=null, controls=null] with
>
> connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost,
> connectTimeout=3000, responseTimeout=-1, sslConfig=null,
> useSSL=false, useStartTLS=false,
> connectionInitializer=null],
>
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost,
> count=1],
>
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000,
> java.naming.ldap.version=3},
>
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
>
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2,
> controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
> SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS],
> sslSocketFactory=null, hostnameVerifier=null]],
>
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0]>
> 2015-09-19 14:07:15,645 DEBUG
> [org.ldaptive.auth.PooledBindAuthenticationHandler] -
> <authenticate
>
> response=[org.ldaptive.auth.AuthenticationHandlerResponse@1784519566::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost,
> connectTimeout=3000, responseTimeout=-1, sslConfig=null,
> useSSL=false, useStartTLS=false,
> connectionInitializer=null],
>
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost,
> count=1],
>
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000,
> java.naming.ldap.version=3},
>
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
>
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2,
> controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
> SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS],
> sslSocketFactory=null, hostnameVerifier=null]],
>
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0],
> result=true, resultCode=SUCCESS, message=null,
> controls=null] for
>
> criteria=[org.ldaptive.auth.AuthenticationCriteria@1404709825::dn=uid=myuser,cn=...,dc=...,dc=...,
>
> authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser,
> retAttrs=[1.1]]]>
> 2015-09-19 14:07:15,660 INFO
> [org.ldaptive.auth.Authenticator] - <Authentication
> succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
> 2015-09-19 14:07:15,662 DEBUG
> [org.ldaptive.auth.Authenticator] - <authenticate
>
> response=[org.ldaptive.auth.AuthenticationHandlerResponse@1784519566::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost,
> connectTimeout=3000, responseTimeout=-1, sslConfig=null,
> useSSL=false, useStartTLS=false,
> connectionInitializer=null],
>
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost,
> count=1],
>
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000,
> java.naming.ldap.version=3},
>
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
>
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2,
> controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED,
> SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS],
> sslSocketFactory=null, hostnameVerifier=null]],
>
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0],
> result=true, resultCode=SUCCESS, message=null,
> controls=null] for dn=uid=myuser,cn=...,dc=...,dc=... with
>
> request=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser,
> retAttrs=[1.1]]>
> 2015-09-19 14:07:15,664 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager]
> - <LdapAuthenticationHandler failed authenticating
> myuser+password>
> 2015-09-19 14:07:15,665 INFO
> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> - <Audit trail record BEGIN
> =============================================================
> WHO: myuser+password
> WHAT: supplied credentials: [myuser+password]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Sat Sep 19 14:07:15 WEST 2015
> CLIENT IP ADDRESS: 192.168.1.X
> SERVER IP ADDRESS: 192.168.1.X
> =============================================================
>
> >
> 2015-09-19 14:07:15,667 INFO
> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> - <Audit trail record BEGIN
> =============================================================
> WHO: myuser+password
> WHAT: 1 errors, 0 successes
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Sat Sep 19 14:07:15 WEST 2015
> CLIENT IP ADDRESS: 192.168.1.X
> SERVER IP ADDRESS: 192.168.1.X
> =============================================================
>
>
> So if CAS says that the authentication succeeded at first, why
> does LdapAuthenticationHandler fail? Any hint will be much
> appreciated since I'm a bit lost right now.
>
> Thanks,
>
> Nicolás
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
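
Added example, not part of the original thread and not CAS or ldaptive code: a Python triage over DEBUG lines like the ones quoted above. `1.1` is the LDAP "no attributes" selector (RFC 4511, section 4.5.1.8), so the script separates "bind succeeded but the request asked for no attributes" from "attributes were requested but the directory did not return them". The function names and verdict strings are hypothetical, and the sample log is constructed from lines in the thread.

```python
import re

# Constructed sample: a shortened copy of the DEBUG lines quoted in the thread,
# wrapped the way the mail client wrapped them. DN components stay elided.
SAMPLE_LOG = """\
2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate
dn=uid=myuser,cn=...,dc=...,dc=... with
request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser,
retAttrs=[1.1]]>
2015-09-19 16:28:42,619 INFO [org.ldaptive.auth.Authenticator]
- <Authentication succeeded for dn:
uid=myuser,cn=...,dc=...,dc=...>
2015-09-19 16:28:42,626 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] -
<LDAP response:
[org.ldaptive.auth.AuthenticationResponse@735806018::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
ldapEntry=[dn=uid=myuser,cn=...,dc=...,dc=...[]],
accountState=null, result=true, resultCode=SUCCESS,
message=null, controls=null]>
2015-09-19 16:28:42,627 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler exception details: uid attribute not
found for myuser>
"""

TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")          # mail quoting, e.g. "> "
RET_ATTRS = re.compile(r"retAttrs=\[([^\]]*)\]")
BIND_OK = re.compile(r"Authentication\s+succeeded\s+for\s+dn:")
ENTRY = re.compile(r"ldapEntry=\[dn=[^\[\]]*\[([^\]]*)\]")
MISSING = re.compile(
    r"exception\s+details:\s+(\S+)\s+attribute\s+not\s+found\s+for\s+([^>\s]+)"
)
NO_ATTRS_OID = "1.1"  # RFC 4511: request that no attributes be returned


def split_records(text):
    """Re-join wrapped lines into one string per timestamped log record."""
    records = []
    for raw in text.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def triage(text):
    """Correlate bind result, requested attributes and the handler's failure."""
    requested, bind_ok, entry_empty, missing = [], False, None, None
    for rec in split_records(text):
        for m in RET_ATTRS.finditer(rec):
            for attr in (a.strip() for a in m.group(1).split(",")):
                if attr and attr not in requested:
                    requested.append(attr)
        if BIND_OK.search(rec):
            bind_ok = True
        m = ENTRY.search(rec)
        if m:
            entry_empty = m.group(1).strip() == ""
        m = MISSING.search(rec)
        if m:
            missing = m.group(1)

    if not bind_ok:
        verdict = "BIND_NOT_CONFIRMED"
    elif missing is None:
        verdict = "OK"
    elif requested == [NO_ATTRS_OID]:
        # Bind worked, but the request asked for no attributes at all, so
        # directory ACLs are not what kept the attribute out of the entry.
        verdict = "NO_ATTRIBUTES_REQUESTED"
    else:
        # Attributes were requested and still missing: check ACLs and names.
        verdict = "ATTRIBUTE_NOT_RETURNED"
    return {
        "verdict": verdict,
        "requested_attrs": requested,
        "entry_empty": entry_empty,
        "missing_attr": missing,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The `ldapsearch` call earlier in the message names `uid` as the requested attribute, which is why it returns `uid` while the logged request with `retAttrs=[1.1]` yields an empty entry.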