I am now running 2.3.0 on our dev server with the same ldap issue. This is the
beginning of the error message:
11:22:32.134 - ERROR [edu.vt.middleware.ldap.pool.DefaultLdapFactory:109] - unabled to connect to the ldap
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
I see the same thing in the ldap server's log (err=49).
Here is the connector from attribute-resolver:
<!-- LDAP Connector -->
<resolver:DataConnector id="suLDAP" xsi:type="LDAPDirectory"
    xmlns="urn:mace:shibboleth:2.0:resolver:dc"
    ldapURL="ldap://directory11.stanford.edu"
    baseDN="cn=people,dc=stanford,dc=edu"
    principal="cn=shibboleth,cn=service,cn=applications,dc=stanford,dc=edu"
    principalCredential="UNUSED">
    <FilterTemplate>
        <![CDATA[
            (uid=$requestContext.principalName)
        ]]>
    </FilterTemplate>
    <LDAPProperty name="java.security.auth.login.config"
        value="/etc/shibboleth-idp/krb5_jaas.config" />
    <LDAPProperty name="java.naming.security.authentication"
        value="GSSAPI" />
    <LDAPProperty name="javax.security.sasl.qop"
        value="auth-conf" />
</resolver:DataConnector>
And the krb5_jaas.config file:
com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt="true"
    principal="service/shibb...@stanford.edu"
    useKeyTab="true"
    keyTab="/etc/shibboleth-idp/shibboleth.keytab";
};
Thanks,
-Kevin