OK set the org.jasig.cas log level to TRACE. This should provide more insight. Attach the results please.

From: Nicolás [mailto:[email protected]]
Sent: Saturday, September 19, 2015 11:46 AM
To: [email protected]
Subject: Re: [cas-user] LDAP authentication succeeded but CAS says it's not

On 19/09/15 at 18:55, Misagh Moayyed wrote:

OK, that’s all correct. Then, the only other possibility is, the ldap authentication does not return that attribute for you. The LDAP entry that is retrieved has an empty collection of attributes.

If I run the command on the command shell, the uid attribute is returned correctly. This is even more odd since the same configuration was working on my CAS 4.0.4 instance, so I doubt it has anything to do with the LDAP entry.

# ldapsearch -x -D 'uid=myuser,cn=...,dc=...,dc=...' -b cn=...,dc=...,dc=... -W uid=myuser uid
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=...,dc=...,dc=...> with scope subtree
# filter: uid=myuser
# requesting: uid
#

# myuser, ..., ... . ...
dn: uid=myuser,cn=...,dc=...,dc=...
uid: myuser

# search result
search: 2
result: 0 Success

Does your configuration have the following?

    <context:component-scan base-package="org.jasig.cas" />
    <context:annotation-config />

Yes, I have that defined in the cas-servlet.xml file.

These should configure the handler to retrieve the principal attributes. If you do have this, the other explanation is that LDAP is not returning attributes for your user.

It is, additionally if I have this rule in the LDAP configuration, so I think it should be returning all attributes for that user:

olcAccess: {0}to * by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by self write by * read

From: Nicolás [mailto:[email protected]]
Sent: Saturday, September 19, 2015 10:08 AM
To: [email protected]
Subject: Re: [cas-user] LDAP authentication succeeded but CAS says it's not

Could you explain a bit further what that means in practice?

I have the ldapAuthenticationHandler defined this way (exactly as shown in the documentation):

    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="uid"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
            <map>
                <entry key="uid" value="uid" />
                <entry key="member" value="member" />
                <entry key="mail" value="mail" />
                <entry key="displayName" value="displayName" />
            </map>
        </property>
    </bean>

Is there something else missing so the handler can retrieve the uid attribute?

Thanks.

On 19/09/15 at 17:58, Misagh Moayyed wrote:

You need to make sure the authentication handler is retrieving that attribute for you. Just because it’s in LDAP it doesn’t mean CAS will get it for you automatically.

From: Nicolás [mailto:[email protected]]
Sent: Saturday, September 19, 2015 8:35 AM
To: [email protected]
Subject: Re: [cas-user] LDAP authentication succeeded but CAS says it's not

There it goes:

2015-09-19 16:28:42,603 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for myuser+password>
2015-09-19 16:28:42,604 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for myuser with uid=%s,cn=...,dc=...,dc=...>
2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=uid=myuser,cn=...,dc=...,dc=... with request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]>
2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate criteria=[org.ldaptive.auth.AuthenticationCriteria@45829884::dn=uid=myuser,cn=...,dc=...,dc=..., authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]]>
2015-09-19 16:28:42,607 DEBUG [org.ldaptive.BindOperation] - <execute request=[org.ldaptive.BindRequest@1463714762::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7, controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c]>
2015-09-19 16:28:42,616 DEBUG [org.ldaptive.BindOperation] - <execute response=[org.ldaptive.Response@1228828549::result=null, resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for request=[org.ldaptive.BindRequest@1463714762::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7, controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c]>
2015-09-19 16:28:42,618 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@571189844::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7, controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c], result=true, resultCode=SUCCESS, message=null, controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@45829884::dn=uid=myuser,cn=...,dc=...,dc=..., authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]]>
2015-09-19 16:28:42,619 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
2015-09-19 16:28:42,625 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@571189844::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7, controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c], result=true, resultCode=SUCCESS, message=null, controls=null] for dn=uid=myuser,cn=...,dc=...,dc=... with request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]>
2015-09-19 16:28:42,626 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@735806018::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=myuser,cn=...,dc=...,dc=...[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>
2015-09-19 16:28:42,627 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating myuser+password>
2015-09-19 16:28:42,627 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for myuser>
2015-09-19 16:28:42,628 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [UsernamePasswordCredential] for audit>
2015-09-19 16:28:42,637 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: supplied credentials: [myuser+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sat Sep 19 16:28:42 WEST 2015
CLIENT IP ADDRESS: 192.168.1.111
SERVER IP ADDRESS: 192.168.1.40
=============================================================
>
2015-09-19 16:28:42,639 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [UsernamePasswordCredential] for audit>
2015-09-19 16:28:42,640 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: 1 errors, 0 successes
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Sat Sep 19 16:28:42 WEST 2015
CLIENT IP ADDRESS: 192.168.1.111
SERVER IP ADDRESS: 192.168.1.40
=============================================================

I noticed that now there's a line saying this:

2015-09-19 16:28:42,627 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for myuser>

However, this attribute is indeed present in the LDAP directory for that user and it's accessible by everyone:

uid: myuser

Thanks.

On 19/09/15 at 15:38, Misagh Moayyed wrote:

Change org.jasig.cas to DEBUG and report back please.

From: Nicolás [mailto:[email protected]]
Sent: Saturday, September 19, 2015 6:30 AM
To: [email protected]
Subject: [cas-user] LDAP authentication succeeded but CAS says it's not

Hi,

I'm having some issue configuring LDAP authentication on CAS 4.1.0. I must say I had this configuration working on 4.0.4 but for some reason, even when successfully authenticating vs. LDAP, CAS says the credentials are not right. This is what I did:

1) deployerConfigContext.xml: Inside the authenticationManager bean, this is the map defined:

    <constructor-arg>
        <map>
            <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
            <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
        </map>
    </constructor-arg>

2) deployerConfigContext.xml: Copied and pasted the LDAP support direct bind (http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html#ldap-supporting-direct-bind) config, except that I removed the p:sslConfig-ref="sslConfig" part and the corresponding sslConfig bean, because I'm not using SSL over LDAP.

3) pom.xml: Added the corresponding dependency:

    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>

4) cas.properties: I customized any needed properties, as I had it in my 4.0.4 working configuration.

Now, I access /cas and authenticate, and CAS says the credentials are not right.

I had a look at the authentication log and I found the binding to be successful as far as LDAP goes, as you can see here:

Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND anonymous mech=implicit ssf=0
Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND dn="uid=myuser,cn=...,dc=...,dc=..." method=128
Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND dn="uid=myuser,cn=...,dc=...,dc=..." mech=SIMPLE ssf=0
Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 RESULT tag=97 err=0 text=

I decided to activate the debugging as mentioned in the Troubleshooting page of the LDAP configuration, and I see the following:

2015-09-19 14:07:15,636 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for myuser with uid=%s,cn=...,dc=...,dc=...>
2015-09-19 14:07:15,637 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=uid=myuser,cn=...,dc=...,dc=... with request=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, retAttrs=[1.1]]>
2015-09-19 14:07:15,637 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate criteria=[org.ldaptive.auth.AuthenticationCriteria@1404709825::dn=uid=myuser,cn=...,dc=...,dc=..., authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, retAttrs=[1.1]]]>
2015-09-19 14:07:15,639 DEBUG [org.ldaptive.BindOperation] - <execute request=[org.ldaptive.BindRequest@1670297304::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2, controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0]>
2015-09-19 14:07:15,643 DEBUG [org.ldaptive.BindOperation] - <execute response=[org.ldaptive.Response@1182007988::result=null, resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for request=[org.ldaptive.BindRequest@1670297304::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2, controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0]>
2015-09-19 14:07:15,645 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@1784519566::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2, controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0], result=true, resultCode=SUCCESS, message=null, controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@1404709825::dn=uid=myuser,cn=...,dc=...,dc=..., authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, retAttrs=[1.1]]]>
2015-09-19 14:07:15,660 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
2015-09-19 14:07:15,662 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@1784519566::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2, controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0], result=true, resultCode=SUCCESS, message=null, controls=null] for dn=uid=myuser,cn=...,dc=...,dc=... with request=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, retAttrs=[1.1]]>
2015-09-19 14:07:15,664 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating myuser+password>
2015-09-19 14:07:15,665 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: supplied credentials: [myuser+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sat Sep 19 14:07:15 WEST 2015
CLIENT IP ADDRESS: 192.168.1.X
SERVER IP ADDRESS: 192.168.1.X
=============================================================
>
2015-09-19 14:07:15,667 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: 1 errors, 0 successes
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Sat Sep 19 14:07:15 WEST 2015
CLIENT IP ADDRESS: 192.168.1.X
SERVER IP ADDRESS: 192.168.1.X
=============================================================

So if CAS says that the authentication succeeded at first, why does LdapAuthenticationHandler fail? Any hint will be very appreciated since I'm a bit lost right now.

Thanks,
Nicolás

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
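
Added example, not part of the original thread and not CAS or ldaptive code: a small Python check over log lines like those quoted above. It flags the combination the thread is looking at, namely a successful bind whose request carried retAttrs=[1.1] (the LDAP "no attributes" selector from RFC 4511), an ldapEntry printed with an empty attribute list, and the handler's "attribute not found" error. The sample lines are constructed from the thread's output with object hashes trimmed and a placeholder DN suffix; the finding names are invented for this example.

```python
import re

# Constructed sample, modelled on the DEBUG lines quoted in the thread; object
# hashes and connection details are trimmed and the DN suffix is a placeholder.
SAMPLE_LOG = """\
2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=uid=myuser,dc=example,dc=org with request=[org.ldaptive.auth.AuthenticationRequest@1::user=myuser, retAttrs=[1.1]]>
2015-09-19 16:28:42,619 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=myuser,dc=example,dc=org>
2015-09-19 16:28:42,626 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@2::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=myuser,dc=example,dc=org[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>
2015-09-19 16:28:42,627 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for myuser>
"""

# Attributes the authentication request asked the directory to return.
RET_ATTRS = re.compile(r"AuthenticationRequest@\d+::user=[^,]+, retAttrs=\[([^\]]*)\]")
# ldaptive's INFO line for a successful bind.
BIND_OK = re.compile(r"<Authentication succeeded for dn: ")
# Assumption: the entry is printed as [dn=<dn>[<attributes>]], as in the thread.
ENTRY = re.compile(r"ldapEntry=\[dn=.*?\[(.*?)\]\], accountState=")
# CAS handler error naming the attribute it could not read.
MISSING = re.compile(r"exception details: (\S+) attribute not found for ")

NO_ATTRS_OID = "1.1"  # RFC 4511 section 4.5.1.8: return no attributes


def diagnose(log_text):
    """Return finding codes (names made up for this example) for one login attempt."""
    requested, bind_ok, entry_attrs, missing = None, False, None, None
    for line in log_text.splitlines():
        if m := RET_ATTRS.search(line):
            requested = [a.strip() for a in m.group(1).split(",") if a.strip()]
        if BIND_OK.search(line):
            bind_ok = True
        if m := ENTRY.search(line):
            entry_attrs = m.group(1)
        if m := MISSING.search(line):
            missing = m.group(1)

    findings = []
    # The bind worked, but the request told the directory to send back nothing.
    if bind_ok and requested == [NO_ATTRS_OID]:
        findings.append("NO_ATTRIBUTES_REQUESTED")
    # The entry handed to CAS has a DN and an empty attribute collection.
    if bind_ok and entry_attrs == "":
        findings.append("EMPTY_ENTRY")
    # CAS then fails the login because the principal id attribute is absent.
    if missing:
        findings.append("PRINCIPAL_ATTRIBUTE_MISSING:" + missing)
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

All three findings together mean the credentials were accepted by the directory and the failure happened afterwards, when the handler looked for the principal id attribute in an entry that was fetched without attributes.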
