I found more log info in our test environment concerning the inability
of CAS to switch to an active AD DC with my configuration.
2020-05-22 09:07:07,607 ERROR [org.ldaptive.pool.BlockingConnectionPool] -
<[org.ldaptive.pool.BlockingConnectionPool@1704234754::name=null,
poolConfig=[org.ldaptive.pool.PoolConfig@7964874::minPoolSize=3, maxPoolSize=10,
validateOnCheckIn=false, validateOnCheckOut=true, validatePeriodically=true,
validatePeriod=PT5M, validateTimeout=PT5S], activator=null,
passivator=[org.ldaptive.pool.BindPassivator@697150633::bindRequest=[org.ldaptive.BindRequest@266593343::bindDn=CN=casldapper,CN=Managed
Service Accounts,DC=ad,DC=wichita,DC=edu, saslConfig=null, controls=null,
referralHandler=null, intermediateResponseHandlers=null]],
validator=[org.ldaptive.pool.SearchValidator@1322157662::searchRequest=[org.ldaptive.SearchRequest@1100233085::baseDn=,
searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*),
parameters={}], returnAttributes=[1.1], searchScope=OBJECT, timeLimit=PT0S,
sizeLimit=1, derefAliases=null, typesOnly=false, binaryAttributes=null,
sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=[org.ldaptive.referral.SearchReferralHandler$SearchReferenceHandler@2bd6895],
controls=null,
referralHandler=org.ldaptive.referral.SearchReferralHandler@6c05228e,
intermediateResponseHandlers=null]]
pruneStrategy=[org.ldaptive.pool.IdlePruneStrategy@85268059::prunePeriod=PT2H,
idleTime=PT10M], connectOnCreate=true,
connectionFactory=[org.ldaptive.DefaultConnectionFactory@1223536490::provider=org.ldaptive.provider.unboundid.UnboundIDProvider@376345b,
config=[org.ldaptive.ConnectionConfig@1176659945::ldapUrl=ldaps://dcsvclongitude.ad.wichita.edu,
connectTimeout=PT3M20S, responseTimeout=PT5S,
sslConfig=[org.ldaptive.ssl.SslConfig@1806177976::credentialConfig=null,
trustManagers=null,
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@4e9b6258,
hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=true, useStartTLS=false,
connectionInitializer=[org.ldaptive.BindConnectionInitializer@2088588092::bindDn=CN=casldapper,CN=Managed
Service Accounts,DC=ad,DC=wichita,DC=edu, bindSaslConfig=null,
bindControls=null],
connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@29b56e75]],
initialized=true, availableCount=0, activeCount=0] unable to connect to the ldap>
org.ldaptive.LdapException: LDAPException(resultCode=49 (invalid credentials),
diagnosticMessage='80090308: LdapErr: DSID-0C090436, comment:
AcceptSecurityContext error, data 52e, v4563
^@', ldapSDKVersion=4.0.12, revision=aaefc59e0e6d110bf3a8e8a029adb776f6d2ce28
Please advise.
Thanks,
--
Erik Mallory
Server Analyst
Wichita State University
On Mon, 2020-05-18 at 22:35 -0400, Daniel Fisher wrote: