CAS5.3.x - LDAP change password issue


Jay

Jul 31, 2018, 4:20:46 AM
to CAS Community
Hi Everyone,

Has anyone faced the following issue when trying to change a password in Active Directory through LDAP?

org.ldaptive.LdapException: javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=test1,OU=People,OU=Palm Drive,OU=LNSS,DC=dev-<domain>,DC=net'

Is it something to do with the bind account or any settings that I am missing in the CAS application?

Below are my LDAP properties defined for the password change functionality.

cas.authn.pm.ldap.type=AD
cas.authn.pm.ldap.ldapUrl=ldaps://<dev-ldapserver>:636/
cas.authn.pm.ldap.baseDn=DC=dev-<domain>,DC=net
cas.authn.pm.ldap.bindDn=CN=wls,OU=People,OU=LTI,DC=dev-<domain>,DC=net
cas.authn.pm.ldap.bindCredential=********
cas.authn.pm.ldap.searchFilter=sAMAccountName={user}

We have separate CAS properties defined for LDAP as below:
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://<dev-ldapserver>:636/
cas.authn.ldap[0].baseDn=DC=dev-<domain>,DC=net
cas.authn.ldap[0].bindDn=CN=wls,OU=People,OU=LTI,DC=dev-<domain>,DC=net
cas.authn.ldap[0].bindCredential=********
cas.authn.ldap[0].searchFilter=sAMAccountName={user}


Your input is much appreciated.

Thanks & Regards,
Jay

Jay

Aug 2, 2018, 12:21:04 AM
to CAS Community
Can anyone help me here?

Felix Schumacher

Aug 2, 2018, 12:53:35 AM
to cas-...@apereo.org



On 02.08.2018 at 06:21, Jay wrote:
> Can anyone help me here?
>
> On Tuesday, July 31, 2018 at 1:50:46 PM UTC+5:30, Jay wrote:
> Hi Everyone,
>
> Has anyone faced the following issue when trying to change a password in Active Directory through LDAP?
>
> org.ldaptive.LdapException: javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The exception is giving you the LDAP error that occurred when CAS tried to do some stuff with your LDAP server. So it is probably best to ask your local AD expert why your binddn does not have enough rights to change passwords.

Regards,
 Felix

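To make the diagnostic in the exception easier to hand to an AD team, here is a small parser for it. It is an added example, not part of the thread and not CAS or ldaptive code; the triage wording is an assumption of this example, and the code tables cover only a few well-known LDAP (RFC 4511) and Win32 values.

```python
import re

# LDAP result codes from RFC 4511 that commonly surface on password modifies.
LDAP_RESULT = {19: "constraintViolation", 49: "invalidCredentials",
               50: "insufficientAccessRights", 53: "unwillingToPerform"}
# Win32 codes AD embeds as the 8-hex-digit prefix of its diagnostic message.
WIN32 = {0x5: "ERROR_ACCESS_DENIED", 0x52D: "ERROR_PASSWORD_RESTRICTION"}

AD_DIAG = re.compile(
    r"error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): (?P<cls>\w+): "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), problem (?P<problem>\d+) \((?P<name>\w+)\), "
    r"data (?P<data>-?\w+)")
REMAINING = re.compile(r"remaining name '(?P<dn>[^']*)'")


def parse_ad_error(text):
    """Return the fields of an AD LDAP diagnostic message, or None."""
    flat = " ".join(text.split())          # the exception wraps across lines
    m = AD_DIAG.search(flat)
    if not m:
        return None
    ldap, win32 = int(m["ldap"]), int(m["win32"], 16)
    out = {"ldap_code": ldap, "ldap_name": LDAP_RESULT.get(ldap, "unknown"),
           "win32_code": win32, "win32_name": WIN32.get(win32, "unknown"),
           "class": m["cls"], "dsid": m["dsid"],
           "problem": int(m["problem"]), "problem_name": m["name"],
           "target_dn": None, "target_container": None}
    r = REMAINING.search(flat)
    if r:
        rdns = re.split(r"(?<!\\),", r["dn"])   # split on unescaped commas
        out["target_dn"] = r["dn"]
        out["target_container"] = ",".join(rdns[1:])
    return out


def triage(parsed):
    """Map the parsed codes to the party who has to act (example wording)."""
    if parsed["ldap_code"] == 50:
        return "directory ACL: bind account lacks rights on the target entry"
    if parsed["win32_code"] == 0x52D:
        return "password policy: new password rejected by the domain"
    if parsed["ldap_code"] == 49:
        return "bind failure: check bindDn/bindCredential"
    return "unclassified: send the full diagnostic to the directory team"

# The message from the post, with its placeholders kept as posted.
SAMPLE = """[LDAP: error code 50 - 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=test1,OU=People,OU=Palm Drive,OU=LNSS,DC=dev-<domain>,DC=net'"""
```

For the posted message, `target_container` is the OU whose permissions the AD team would check against the `bindDn` account.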

Jay

Aug 2, 2018, 1:03:47 AM
to CAS Community, felix.sc...@internetallee.de
Thanks Felix.

Yes, I did reach out to the AD team to check the bind credentials for this issue.

The same bind credentials are used in our old CAS3.5 application, and it is working as expected, but with the new version CAS5.3.x it cannot change the password.

Thanks,
Jay

casuser

Jan 7, 2019, 2:50:17 AM
to CAS Community, felix.sc...@internetallee.de
Hi Jay, were you able to find a way out?