Hi,
I'm trying to implement authentication with uid+pass or mail+pass against LDAP
in cas-5.2.2.
Basically it is:
authn.ldap[0].userFilter=(|(uid={user})(mail={user}))
authn.ldap[0].principalAttribute=uid
authn.ldap[0].principalAttributeList: uid, mail
This works fine with uid+pass. If I try mail+pass, I get:
------
2018-02-23 14:18:53,539 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication handler [LdapAuthenticationHandler] successfully authenticated [x...@yy.de]>
2018-02-23 14:18:53,541 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Invoking principal resolver [org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver@389a9ff6[returnNullIfNoAttributes=false,principalAttributeName=uid,principalNameTransformer=org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver$$Lambda$73/906424041@6f071d0c,principalFactory=org.apereo.cas.authentication.principal.DefaultPrincipalFactory@d]]>
2018-02-23 14:18:53,587 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Resolved principal [xx]>
2018-02-23 14:18:53,587 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Adding attributes [{REMOVED}] for the final principal>
2018-02-23 14:18:53,586 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Invoking principal resolver [org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@15af06f[]]>
2018-02-23 14:18:53,587 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Resolved principal [x...@yy.de]>
2018-02-23 14:18:53,587 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Adding attributes [{REMOVED}] for the final principal>
2018-02-23 14:18:53,591 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver@28532753[chain=[org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver@389a9ff6[returnNullIfNoAttributes=false,principalAttributeName=uid,principalNameTransformer=org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver$$Lambda$73/906424041@6f071d0c,principalFactory=org.apereo.cas.authentication.principal.DefaultPrincipalFactory@d], org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@15af06f[]]]] failed to resolve principal from [x...@yy.de]>
org.apereo.cas.authentication.PrincipalException: Resolved principals by the chain are not unique because principal resolvers have produced CAS principals with different identifiers which typically is the result of a configuration issue.
------
How can this configuration issue be fixed?
Thanks,
K-D
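
An added example, not part of the original post and not CAS code: a small Python script that reads debug lines like the ones above, pairs each "Invoking principal resolver" entry with the "Resolved principal" entry that follows it, and reports when the chain yields more than one identifier. The sample log is constructed and shortened; `jdoe` and `user@example.org` are placeholder values, and the function names are this example's own.

```python
import re

# Constructed, shortened sample modelled on the debug output in the post.
# "jdoe" and "user@example.org" are placeholders; one entry is wrapped on purpose.
SAMPLE_LOG = """\
2018-02-23 14:18:53,541 DEBUG [ChainingPrincipalResolver] - <Invoking principal resolver [org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver@389a9ff6[principalAttributeName=uid]]>
2018-02-23 14:18:53,587 DEBUG [ChainingPrincipalResolver] - <Resolved principal [jdoe]>
2018-02-23 14:18:53,586 DEBUG [ChainingPrincipalResolver] - <Invoking principal resolver [org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@15af06f[]]>
2018-02-23 14:18:53,587 DEBUG [ChainingPrincipalResolver] - <Resolved principal [
user@example.org]>
"""

TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
INVOKE = re.compile(r"<Invoking principal resolver \[(?:[\w.$]+\.)?(\w+)@")
RESOLVED = re.compile(r"<Resolved principal \[\s*([^\]]+?)\s*\]>")

def resolved_principals(log_text):
    """Return [(resolver_class, principal_id), ...] in the order logged."""
    # A line without a leading timestamp continues the previous entry
    # (log entries are often wrapped when pasted into mail).
    entries = []
    for line in log_text.splitlines():
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += line
    pairs, current = [], None
    for entry in entries:
        invoked = INVOKE.search(entry)
        if invoked:
            current = invoked.group(1)
            continue
        resolved = RESOLVED.search(entry)
        if resolved and current:
            pairs.append((current, resolved.group(1)))
            current = None
    return pairs

def conflicting_ids(pairs):
    """Distinct principal ids from the chain; empty list if they all agree."""
    ids = sorted({principal for _, principal in pairs})
    return ids if len(ids) > 1 else []

if __name__ == "__main__":
    pairs = resolved_principals(SAMPLE_LOG)
    for resolver, principal in pairs:
        print(f"{resolver:35} -> {principal}")
    print("conflict:", conflicting_ids(pairs) or "none")
```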