Michael,

I don't believe we have any accounts here at RU that have "/" in them (and I
think it's a banned character) so I can't try it out here.  Do you guys have
any LDAP code (non Spring) you can try it against to take the Spring code
out of the picture?

-Scott

On Wed, May 7, 2008 at 2:53 PM, Michael J. Barton <[EMAIL PROTECTED]> wrote:

> We have been using CAS (3.0.7) since September.  We have plans to upgrade to
> 3.2.1 later this summer.
> Our implementation is using the LDAP authentication handler against our
> Active Directory and has been working great until this problem cropped up
> yesterday.
>
> We have a handful of users that consistently fail to authenticate. When they
> do, we see an error in CAS.LOG like:
>
> 2008-05-07 09:15:37,285 INFO
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> AuthenticationHandler:
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to
> authenticate the user which provided the following credentials: mbarton
>
>
> A sample of the DN that fails is:
>
> CN=mbarton,OU=Special Facilities -
> Jadwin/Fine,OU=People,DC=pu,DC=win,DC=princeton,DC=edu
>
>
> Testing a hunch, we renamed the OU the account resides in, removing the "/"
> character in the
>
>   OU=Special Facilities - Jadwin/Fine
>
> portion of the DN.  When we do this the user CAN authenticate.  We tested
> user accounts in 3 other OUs, each of which has one or more "/" characters
> in the name, and in each case the user fails to authenticate.
>
>
> Has anyone else seen and/or resolved this error?
> Has the problem been corrected in CAS 3.2.1?
>
>
> This appears to be a DN parsing error, but I don't know if it is in the base
> CAS code or somewhere in the Spring framework (we are using version 1.12
> with CAS 3.0.7).  When I set logging to DEBUG, I see
> "org.springframework.validation.BindException" errors in the CAS.log
>
>
> Thanks in advance for any help/insight.
>
>
> deployerConfigContext.xml
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
>     "http://www.springframework.org/dtd/spring-beans.dtd">
> <beans>
>    <bean id="authenticationManager"
>          class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>        <property name="credentialsToPrincipalResolvers">
>            <list>
>                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>            </list>
>        </property>
>        <property name="authenticationHandlers">
>            <list>
>                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
>                    <property name="httpClient" ref="httpClient" />
>                </bean>
>                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>                    <property name="filter" value="sAMAccountName=%u" />
>                    <property name="searchBase"
>                              value="ou=People,dc=pu,dc=win,dc=princeton,dc=edu" />
>                    <property name="contextSource" ref="contextSource" />
>                </bean>
>            </list>
>        </property>
>    </bean>
>    <bean id="contextSource"
>          class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>        <property name="password" value="XXXXXXXXXX" />
>        <property name="pooled" value="true" />
>        <property name="urls">
>            <list>
>                <value>ldaps://pu.win.princeton.edu/</value>
>            </list>
>        </property>
>        <property name="userName"
>                  value="cn=XXXXXXX,ou=XXXXXXXX,ou=XXXXXX,dc=pu,dc=win,dc=princeton,dc=edu" />
>        <property name="baseEnvironmentProperties">
>            <map>
>                <entry>
>                    <key><value>java.naming.security.protocol</value></key>
>                    <value>ssl</value>
>                </entry>
>                <entry>
>                    <key><value>java.naming.security.authentication</value></key>
>                    <value>simple</value>
>                </entry>
>            </map>
>        </property>
>    </bean>
> </beans>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>


-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
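
An offline check that needs neither Spring nor a directory server, added here as an example and not code from either poster or from CAS: it parses the sample DN from the report with the JDK's own JNDI name classes, once as a composite name (where "/" is the component separator) and once as an LDAP DN. The class and method names are made up for this example, and whether composite-name parsing is what breaks the CAS bind is an assumption the thread does not establish.

```java
import java.util.Collections;
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper class, not part of CAS or Spring LDAP.
public class SlashInDnCheck {
    // Sample DN quoted in the report above.
    static final String DN = "CN=mbarton,OU=Special Facilities - Jadwin/Fine,"
            + "OU=People,DC=pu,DC=win,DC=princeton,DC=edu";

    /** Number of components when the string is read as a JNDI composite name. */
    static int compositeComponents(String s) throws NamingException {
        return new CompositeName(s).size();
    }

    /** Number of RDNs when the same string is read as an LDAP distinguished name. */
    static int ldapRdns(String s) throws InvalidNameException {
        return new LdapName(s).size();
    }

    /** Wrap the whole DN as one composite-name component so "/" is kept as data. */
    static Name asSingleComponent(String s) throws NamingException {
        return new CompositeName().add(s);
    }

    public static void main(String[] args) throws NamingException {
        // Passing the raw string to a String-based JNDI call uses composite parsing.
        System.out.println("composite components: " + compositeComponents(DN));
        for (String part : Collections.list(new CompositeName(DN).getAll())) {
            System.out.println("  [" + part + "]");
        }

        // LDAP DN syntax has no special meaning for "/".
        System.out.println("LDAP RDNs: " + ldapRdns(DN));
        for (Rdn rdn : new LdapName(DN).getRdns()) {
            System.out.println("  " + rdn);
        }

        // A Name built this way carries the DN intact into Name-based JNDI calls.
        Name safe = asSingleComponent(DN);
        System.out.println("single component, escaped form: " + safe);
        System.out.println("round-trips to original DN: " + safe.get(0).equals(DN));
    }
}
```

If the composite parse splits the DN at "Jadwin/Fine" while the LDAP parse does not, the next step is to find where the handler turns a search-result name into the bind DN and see which form it uses.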