2016-04-04 11:22:42,277 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating anotherUser>
2016-04-04 11:22:42,288 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: anotherUser
WHAT: Supplied credentials: [anotherUser]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Mon Apr 04 11:22:42 UTC 2016
CLIENT IP ADDRESS: XX.ABC.P.LMN
SERVER IP ADDRESS: XX.ABC.Q.GHI
=============================================================
Hi Vallee,

I've attached the current set of 'deployConfigContext.xml' and 'cas.properties'. Log can be viewed at

The seemingly interesting portions from it are (not exactly sure what or why)

* 'successful bind must be completed on the connection'
[org.ldaptive.auth.Authenticator] - <entry resolution failed for resolver=[org.ldaptive.auth.SearchEntryResolver@499577695::factory=null, baseDn=, userFilter=null, userFilterParameters=null, allowMultipleEntries=false, subtreeSearch=false, derefAliases=null, referralHandler=null, searchEntryHandlers=null]>
org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090748, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]; remaining name 'some...@some.organization.internal'
at org.ldaptive.provider.ProviderUtils.throwOperationException

Here values (of baseDn, userFilter, subtreeSearch) are not what I provided in cas.properties and inferred in XML. I have used different names but I tried it with default names as from doc and logs had same symptoms.

* the above log is followed by 'Authentication succeeded for dn: some...@some.organization.internal'

Now this is confusing, it did but it don't. Even the 'authenticate response' log later has tokens 'result=true, resultCode=SUCCESS'.

* then again the old log appears 'LdapAuthenticationHandler failed authenticating someuser'

and the log-in fails on CAS Web-UI.
there might be 's/tyops/typos/g' in mail, multi-tasking hazards
Regards,
Abhishek Kumar ( http://abhishekkr.github.io/ )~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=ABK=~
On Monday, 4 April 2016 14:24:14 UTC+2, Abhishek Kumar wrote:
Hi,

I'm new to Jasig CAS setup.

I'm trying to get CAS set up with ActiveDirectory over LDAP (plan is for LDAPS but need to get the first step done first), CAS deployed over Tomcat-8.

I'm using Maven Overlay (master branch of https://github.com/Jasig/cas-overlay-template.git) with modified 'pom.xml', 'etc/cas.properties' and 'src/main/webapp/WEB-INF/deployerConfigContext.xml'. I've attached here the three modified files.

This setup is starting CAS without any errors, and I can open the login page in a browser. But when I try to authenticate using one of the existing credentials from AD, the log-in attempt fails with the very normal message
2016-04-04 11:22:42,277 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating anotherUser>
2016-04-04 11:22:42,288 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: anotherUser
WHAT: Supplied credentials: [anotherUser]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Mon Apr 04 11:22:42 UTC 2016
CLIENT IP ADDRESS: XX.ABC.P.LMN
SERVER IP ADDRESS: XX.ABC.Q.GHI
=============================================================
...
p:connectionInitializer-ref="fastBindConnectionInitializer" />
<bean id="fastBindConnectionInitializer"
class="org.ldaptive.ad.extended.FastBindOperation.FastBindConnectionInitializer">
...
...
p:connectionInitializer-ref="bindConnectionInitializer" />
<bean id="bindConnectionInitializer"
class="org.ldaptive.BindConnectionInitializer"
p:bindDn="${ldap.authn.managerDN}">
<property name="bindCredential">
<bean class="org.ldaptive.Credential"
c:password="${ldap.authn.managerPassword}" />
</property>
</bean>
....
2016-04-05 13:02:47,089 DEBUG [org.ldaptive.auth.Authenticator] - <entry resolution failed for resolver=[org.ldaptive.auth.SearchEntryResolver@76445512::factory=null, baseDn=, userFilter=null, userFilterParameters=null, allowMultipleEntries=false, subtreeSearch=false, derefAliases=null, referralHandler=null, searchEntryHandlers=null]>
org.ldaptive.LdapException: javax.naming.InvalidNameException: some...@some.organization.internal: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:'some...@some.organization.internal']; remaining name 'some...@some.organization.internal'
at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55) ~[ldaptive-1.1.0.jar:?]
2016-04-06 06:46:40,298 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating someUser>
What do your CAS logs say at DEBUG?
==> /tmp/cas.log <==
2016-04-06 12:37:38,200 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@310716820::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, resolvedDn=some...@some.organization.internal, ldapEntry=[dn=some...@some.organization.internal[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]
2016-04-06 12:37:38,201 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - No ldap password policy configuration is defined
2016-04-06 12:37:38,201 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response returned as result. Creating the final LDAP principal
2016-04-06 12:37:38,201 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Creating LDAP principal for someUser based on some...@some.organization.internal
2016-04-06 12:37:38,202 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler failed authenticating someUser
2016-04-06 12:37:38,202 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler exception details: sAMAccountName attribute not found for someUser
2016-04-06 12:37:38,205 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [AuthenticationTransaction] for audit
2016-04-06 12:37:38,205 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [UsernamePasswordCredential] for audit
2016-04-06 12:37:38,207 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: someUser
WHAT: Supplied credentials: [someUser]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed Apr 06 12:37:38 UTC 2016
CLIENT IP ADDRESS: XX.ABC.P.LMN
SERVER IP ADDRESS: XX.ABC.Q.GHI
=============================================================
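Added example, not part of the original thread or of CAS: a small Python triage script for the log pattern discussed above, where ldaptive reports `result=true, resultCode=SUCCESS` and the CAS handler still logs a failure. The sample log is constructed and abridged from the excerpts quoted in the thread; the function names and the fields of each finding are assumptions of this example.

```python
import re

# Constructed sample, abridged from the log excerpts quoted in this thread.
SAMPLE_LOG = """\
2016-04-06 12:37:38,150 DEBUG [org.ldaptive.auth.Authenticator] - <entry resolution failed for resolver=[org.ldaptive.auth.SearchEntryResolver@76445512::factory=null, baseDn=, userFilter=null]>
org.ldaptive.LdapException: javax.naming.InvalidNameException: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME)]
2016-04-06 12:37:38,200 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@310716820::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, result=true, resultCode=SUCCESS, message=null]
2016-04-06 12:37:38,202 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler failed authenticating someUser
2016-04-06 12:37:38,202 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler exception details: sAMAccountName attribute not found for someUser
"""

RE_LDAP_ERR = re.compile(r"\[LDAP: error code (\d+) - ")
RE_RESPONSE = re.compile(r"LDAP response: .*\bresult=(true|false), resultCode=(\w+)")
RE_FAILED = re.compile(r"<?(\w+) failed authenticating (\S+?)>?$")
RE_DETAILS = re.compile(r"(\w+) exception details: (.+?)>?$")
# Resolver logged with an empty baseDn and no userFilter, as in the thread.
RE_EMPTY_RESOLVER = re.compile(r"entry resolution failed .*baseDn=, userFilter=null")

def triage(log_text):
    """Return one finding per 'failed authenticating' line, with nearby evidence."""
    findings, ldap_codes, bind_ok, empty_resolver = [], [], None, False
    for line in log_text.splitlines():
        if m := RE_LDAP_ERR.search(line):
            ldap_codes.append(int(m.group(1)))
        if RE_EMPTY_RESOLVER.search(line):
            empty_resolver = True
        if m := RE_RESPONSE.search(line):
            bind_ok = m.group(1) == "true"
        if m := RE_FAILED.search(line):
            findings.append({"handler": m.group(1), "user": m.group(2),
                             "bind_ok": bind_ok, "ldap_codes": ldap_codes,
                             "empty_resolver": empty_resolver, "detail": None})
            ldap_codes, bind_ok, empty_resolver = [], None, False  # next attempt
        elif (m := RE_DETAILS.search(line)) and findings:
            findings[-1]["detail"] = m.group(2)  # DEBUG line follows the failure
    return findings

def failed_after_bind(finding):
    """True when ldaptive reported success but the CAS handler still failed."""
    return finding["bind_ok"] is True

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        stage = "after a successful LDAP bind" if failed_after_bind(f) else "during LDAP authentication"
        print(f"{f['user']}: {f['handler']} failed {stage}; "
              f"LDAP codes={f['ldap_codes']}; empty resolver={f['empty_resolver']}; detail={f['detail']}")
```

The `detail` field is only populated when the `PolicyBasedAuthenticationManager` logger is at DEBUG, which is where the "exception details" line in the thread comes from.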