Change request for org.apereo.cas.util.LdapUtils


Pablo Vidaurri

Jan 7, 2022, 11:30:45 PM
to CAS Developer
For this method in LdapUtils, can a property be wrapped around the setAuthenticationControls call? I do not have permission to query for the OID "1.3.6.1.4.1.42.2.27.8.5.1" object that ldaptive requests during user credential validation. I had to comment out that line for my deployment, but I do not want to have to maintain this file.



    private static SimpleBindAuthenticationHandler getBindAuthenticationHandler(final ConnectionFactory factory) {
        val handler = new SimpleBindAuthenticationHandler(factory);
        // wrap this line around a config property
        handler.setAuthenticationControls(new PasswordPolicyControl());
        return handler;
    }



Thanks.
-psv


Pablo Vidaurri

Jan 8, 2022, 5:16:33 PM
to CAS Developer, Pablo Vidaurri
To follow up, the error returned by Oracle LDAP is:

authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resultCode=INSUFFICIENT_ACCESS_RIGHTS, matchedDN=, diagnosticMessage=The request control with Object Identifier (OID) "1.3.6.1.4.1.42.2.27.8.5.1" cannot be used due to insufficient access rights, referralURLs=[], messageID=3, controls=[]]

and all logins fail. 

-psv
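
An added example (not from the thread, CAS, or ldaptive): because the failure above hits every login, this Python triage separates response lines where the directory rejected the password policy control from ordinary bad-password failures. The first sample line is the response quoted above; the other two sample lines, the function names and the verdict labels are constructed for illustration.

```python
import re
from collections import Counter

# OID of the LDAP password policy control quoted in the thread; ldaptive's
# PasswordPolicyControl attaches it to the bind request.
PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1"

# Fields are "key=value" joined by ", "; a value runs to the next ", key=".
_FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")

# First line is the response quoted in the thread; the other two are
# constructed in the same layout for illustration.
SAMPLE = [
    'authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, '
    'resultCode=INSUFFICIENT_ACCESS_RIGHTS, matchedDN=, diagnosticMessage='
    'The request control with Object Identifier (OID) "1.3.6.1.4.1.42.2.27.8.5.1" '
    'cannot be used due to insufficient access rights, referralURLs=[], '
    'messageID=3, controls=[]]',
    'authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, '
    'resultCode=INVALID_CREDENTIALS, matchedDN=, diagnosticMessage=, '
    'referralURLs=[], messageID=2, controls=[]]',
    'authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, '
    'resultCode=SUCCESS, matchedDN=, diagnosticMessage=, referralURLs=[], '
    'messageID=2, controls=[]]',
]

def parse_response(line):
    """Split one response string into a dict of its fields (raw values)."""
    return dict(_FIELD.findall(line.strip()))

def classify(line):
    """Separate a rejected request control from an ordinary bad password."""
    fields = parse_response(line)
    code = fields.get("resultCode", "")
    if code == "INSUFFICIENT_ACCESS_RIGHTS" and PPOLICY_OID in fields.get("diagnosticMessage", ""):
        return "control-rejected"
    return {"INVALID_CREDENTIALS": "bad-credentials", "SUCCESS": "ok"}.get(code, "other")

def triage(lines):
    """Count outcomes; any control rejection points at directory ACLs, not users."""
    counts = Counter(classify(line) for line in lines)
    if counts["control-rejected"]:
        verdict = "control-acl"
    elif counts["bad-credentials"]:
        verdict = "credentials"
    else:
        verdict = "clean"
    return counts, verdict
```

A "control-acl" verdict means the bind account lacks rights to use the control, so the remedy is on the directory or client configuration side rather than with user passwords.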

Daniel Fisher

Jan 9, 2022, 10:56:22 AM
to CAS Developer, Pablo Vidaurri
On Fri, Jan 7, 2022 at 11:30 PM Pablo Vidaurri <psvid...@gmail.com> wrote:
For this method in LdapUtils, can a property be wrapped around the setAuthenticationControls call? I do not have permission to query for the OID "1.3.6.1.4.1.42.2.27.8.5.1" object that ldaptive requests during user credential validation. I had to comment out that line for my deployment, but I do not want to have to maintain this file.


I submitted a PR for this: https://github.com/apereo/cas/pull/5338

--Daniel Fisher
 

Pablo Vidaurri

Jun 20, 2023, 12:34:24 PM
to CAS Developer, dfisher, Pablo Vidaurri
It looks like this issue has returned with version 6.6.8. I was on 6.3.7 when I reported the issue; it was resolved shortly after that, but I never upgraded. Now I am upgrading to 6.6.8 and I see the issue again.

Pablo Vidaurri

Jun 22, 2023, 10:35:54 AM
to CAS Developer, Pablo Vidaurri, dfisher
It looks like handler.setAuthenticationControls(new PasswordPolicyControl()); is now being called from the pac4j-config LdaptiveAuthenticatorBuilder class:

    private static SimpleBindAuthenticationHandler getPooledBindAuthenticationHandler(final LdapAuthenticationProperties l) {
        final var handler = new SimpleBindAuthenticationHandler(newPooledConnectionFactory(l));
        handler.setAuthenticationControls(new PasswordPolicyControl());
        return handler;
    }

It does not look like there is any option to not set the controls, even via the ldap.type value.

Daniel Fisher

Jun 22, 2023, 11:34:39 PM
to Pablo Vidaurri, CAS Developer
I’ll get a PR together for pac4j, but it won’t happen until next week.

—Daniel Fisher

On Thu, Jun 22, 2023 at 10:59 PM Pablo Vidaurri <psvid...@gmail.com> wrote:
I ended up commenting out the setControls method from ldaptive's AuthenticationRequest.java source via overlay

Pablo Vidaurri

Jun 22, 2023, 11:34:48 PM
to CAS Developer, Pablo Vidaurri, dfisher
I ended up commenting out the setControls method from ldaptive's AuthenticationRequest.java source via overlay
