Is it sending the request once to each of those servers?

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Tue, Jul 1, 2008 at 2:39 AM, Unai Rodriguez <[EMAIL PROTECTED]> wrote:
> Dear All,
>
> Using tcpdump I was able to see that the CAS server is actually sending the
> request 5 times, which causes the Active Directory account to get locked
> up.
>
> My CAS configuration (deployerConfigContext.xml) looks like this (it may be
> found here as well: http://pastebin.ca/1059708):
>
> <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
>     <property name="filter" value="sAMAccountName=%u" />
>     <property name="searchBase" value="OU=A,DC=B,DC=C,DC=D" />
>     <property name="contextSource" ref="contextSource" />
>     <property name="ignorePartialResultException" value="yes" />
> </bean>
>
> [...]
>
> <bean id="contextSource"
>       class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>     <property name="authenticatedReadOnly" value="true" />
>     <property name="userName" value="xxxxxxxxx" />
>     <property name="password" value="yyyyyyyyy" />
>     <property name="urls">
>         <list>
>             <value>ldap://10.123.8.47:389</value>
>             <value>ldap://10.123.8.46:389</value>
>             <value>ldap://10.130.0.45:389</value>
>             <value>ldap://10.100.0.45:389</value>
>             <value>ldap://10.190.0.45:389</value>
>         </list>
>     </property>
>     <property name="baseEnvironmentProperties">
>         <map>
>             <entry>
>                 <key><value>java.naming.security.authentication</value></key>
>                 <value>simple</value>
>             </entry>
>         </map>
>     </property>
> </bean>
>
> I have tried setting "ignorePartialResultException" to "no", with the same
> results (i.e. CAS sends 5 consecutive invalid requests which causes the AD
> account to get locked up).
>
> Is there any setting to control this?
>
> thanks,
> unai
>
> > Dear All,
> >
> > I have set up CAS with an Active Directory backend. The CAS server details
> > are:
> >
> > - CAS version 3.0.5
> > - OS: Debian Linux 3.1 (Sarge)
> > - Tomcat version 5.5.23
> >
> > The Active Directory has some rules set (which are meant to be kept) which
> > lock up accounts that attempt to login providing the wrong password 5
> > consecutive times.
> >
> > The issue is that if I provide the wrong password through CAS login page,
> > my AD account will be locked (ie with only one failed attempt).
> >
> > 1) Is this behavior expected/normal?
> > 2) How can I tweak/change this?
> >
> > Thank you so much,
> > unai
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
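A model of the situation Scott's question points at, as an added example that is not CAS code and not part of the original thread: if a wrong password is retried against each of five configured URLs, one login consumes the whole 5-attempt lockout budget, whereas failing over only on connection errors costs one attempt. The server names, the `Directory` class and the `retry_on_rejection` flag are hypothetical, and the model assumes every rejected bind counts against one shared lockout counter.

```python
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 5  # from the thread: AD locks after 5 consecutive bad passwords

class ServerDown(Exception):
    """Connection-level failure: the server never evaluated the password."""

class BindRejected(Exception):
    """The server answered and refused the credentials."""

@dataclass
class Directory:
    """Constructed stand-in for the AD domain (shared bad-password counter assumed)."""
    passwords: dict
    down: set = field(default_factory=set)
    bad_count: dict = field(default_factory=dict)

    def bind(self, url, user, password):
        if url in self.down:
            raise ServerDown(url)
        if self.locked(user) or self.passwords.get(user) != password:
            self.bad_count[user] = self.bad_count.get(user, 0) + 1
            raise BindRejected(f"{user} rejected by {url}")
        self.bad_count[user] = 0  # a successful bind resets the counter

    def locked(self, user):
        return self.bad_count.get(user, 0) >= LOCKOUT_THRESHOLD

def authenticate(directory, urls, user, password, retry_on_rejection):
    """Try each URL in order; return (authenticated, servers_tried)."""
    tried = 0
    for url in urls:
        tried += 1
        try:
            directory.bind(url, user, password)
            return True, tried
        except ServerDown:
            continue  # safe to fail over: no password check happened
        except BindRejected:
            if not retry_on_rejection:
                return False, tried  # authoritative answer, stop here
    return False, tried

# Constructed server list mirroring the five-URL configuration in the thread.
URLS = [f"ldap://dc{i}.example.test:389" for i in range(1, 6)]

if __name__ == "__main__":
    for policy in (True, False):
        d = Directory({"user1": "correct"})
        result = authenticate(d, URLS, "user1", "wrong", retry_on_rejection=policy)
        print(policy, result, "locked" if d.locked("user1") else "not locked")
```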
