# CAS LDAP authentication handler #0 (Active Directory style attributes).
# NOTE(review): no ldapUrl property appears in this excerpt; the accompanying
# debug log shows an ldap:// URL being used.

# AUTHENTICATED: CAS first binds with bindDn/bindCredential to search for the
# user's DN, then authenticates as the DN that search returns.
cas.authn.ldap[0].type=AUTHENTICATED
# LDAPS is off. The debug log for this setup also reports useStartTLS=false,
# so the service-account bind and every user password cross the network
# unencrypted. Enable LDAPS (an ldaps:// URL with useSsl=true) or StartTLS
# before using this outside a lab.
cas.authn.ldap[0].useSsl=false
# Service account used for the DN search. It only needs read access to the
# entries and attributes named below.
cas.authn.ldap[0].bindDn=cn=portal_manager,ou=System Accounts,dc=example,dc=com
# Masked in this listing. Keep the real value out of version control and out
# of pasted logs/config; supply it from a protected property source.
cas.authn.ldap[0].bindCredential=***********
# Search starts at the domain root; with subtreeSearch=true the whole tree is
# searched (the log shows searchScope=SUBTREE and referrals to other naming
# contexts coming back).
cas.authn.ldap[0].baseDn=DC=example,DC=com
cas.authn.ldap[0].subtreeSearch=true
# {user} is replaced with the submitted login name. The memberOf clause is the
# only thing restricting login to one group: dropping it lets any matching
# Person entry in the directory authenticate.
# NOTE(review): a plain memberOf comparison matches direct membership only and
# the group DN must match the directory value exactly. If the user belongs to
# the group through a nested group, AD needs the in-chain matching rule
# (memberOf:1.2.840.113556.1.4.1941:=<group DN>) - confirm which case applies.
# NOTE(review): if the real DN contains non-ASCII characters, verify how this
# file is decoded when loaded; \uXXXX escapes avoid encoding surprises.
cas.authn.ldap[0].userFilter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=SpecificGroupName,OU=Groups,OU=Company,DC=example,DC=com))
# Password-policy handling is disabled here.
# NOTE(review): presumably expired/locked account states are then not surfaced
# to the user as distinct messages - confirm this is intended.
cas.authn.ldap[0].usePasswordPolicy=false
# Attribute whose value becomes the CAS principal id.
cas.authn.ldap[0].principalAttributeId=sAMAccountName
# Left empty: no password attribute is configured.
cas.authn.ldap[0].principalAttributePassword=
# Attributes requested for the authenticated principal. memberOf carries full
# group DNs, so review which services are allowed to receive it.
# NOTE(review): AD normally names these attributes cn and mail; confirm that
# commonName and email actually resolve in this directory.
cas.authn.ldap[0].principalAttributeList=displayName,commonName,email,memberOf
# When several values exist for the principal id attribute, do not reject.
# NOTE(review): exact selection behaviour is not visible here - confirm.
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
2018-03-13 17:34:38,515 DEBUG [org.ldaptive.SearchOperation] - <execute request=[org.ldaptive.SearchRequest@-384810870::baseDn=DC=hq,DC=bc, searchFilter=[org.ldaptive.SearchFilter@-1831897358::filter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=ManagersPortal,OU=Groups,OU=БАНК,DC=hq,DC=bc)), parameters={context=null, user=braliyev_30424}], returnAttributes=[1.1], searchScope=SUBTREE, timeLimit=PT0S, sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, referralHandler=null, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1004112938::config=[org.ldaptive.ConnectionConfig@1791270211::ldapUrl=ldap://hq.bc, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@887019403::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, connectionInitializer=[org.ldaptive.BindConnectionInitializer@727124254::bindDn=cn=kaspi_portal,ou=System Accounts,dc=hq,dc=bc, bindSaslConfig=null, bindControls=null], connectionStrategy=org.ldaptive.DefaultConnectionStrategy@1e7a75fd], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@
2104222132::metadata=[ldapUrl=ldap://hq.bc, count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@334577122::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@29c0c417, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@6368ec02]>
2018-03-13 17:34:38,521 DEBUG [org.ldaptive.SearchOperation] - <execute response=[org.ldaptive.Response@626954816::result=[org.ldaptive.SearchResult@-1662255094::entries=[], references=[[org.ldaptive.SearchReference@74822743::referralUrls=[ldap://DomainDnsZones.hq.bc/DC=DomainDnsZones,DC=hq,DC=bc], responseControls=null, messageId=-1, referenceResponse=null], [org.ldaptive.SearchReference@-526386759::referralUrls=[ldap://hq.bc/CN=Configuration,DC=hq,DC=bc], responseControls=null, messageId=-1, referenceResponse=null], [org.ldaptive.SearchReference@-1214994231::referralUrls=[ldap://ForestDnsZones.hq.bc/DC=ForestDnsZones,DC=hq,DC=bc], responseControls=null, messageId=-1, referenceResponse=null]]], resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for request=[org.ldaptive.SearchRequest@-384810870::baseDn=DC=hq,DC=bc, searchFilter=[org.ldaptive.SearchFilter@-1831897358::filter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=ManagersPortal,OU=Groups,OU=БАНК,DC=hq,DC=bc)), parameters={context=null, user=braliyev_30424}], returnAttributes=[1.1], searchScope=SUBTREE, timeLimit=PT0S, sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, referralHandler=null, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1004112938::config=[org.ldaptive.ConnectionConfig@1791270211::ldapUrl=ldap://hq.bc, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@887019403::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, connectionInitializer=[org.ldaptive.BindConnectionInitializer@727124254::bindDn=cn=kaspi_portal,ou=System Accounts,dc=hq,dc=bc, bindSaslConfig=null, 
bindControls=null], connectionStrategy=org.ldaptive.DefaultConnectionStrategy@1e7a75fd], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@
2104222132::metadata=[ldapUrl=ldap://hq.bc, count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@334577122::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@29c0c417, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@6368ec02]>
2018-03-13 17:34:38,526 INFO [org.ldaptive.auth.PooledSearchDnResolver] - <search for user=[org.ldaptive.auth.User@1756715488::identifier=braliyev_30424, context=null] failed using filter=[org.ldaptive.SearchFilter@-1831897358::filter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=ManagersPortal,OU=Groups,OU=БАНК,DC=hq,DC=bc)), parameters={context=null, user=braliyev_30424}]>
2018-03-13 17:34:38,526 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - <resolved dn=null for user=[org.ldaptive.auth.User@1756715488::identifier=braliyev_30424, context=null]>
2018-03-13 17:34:38,526 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=null with request=[org.ldaptive.auth.AuthenticationRequest@1687550059::user=[org.ldaptive.auth.User@1756715488::identifier=braliyev_30424, context=null], returnAttributes=[commonName, sAMAccountName, displayName, memberOf, email], controls=null]>
CAS search request result is empty.
When I change the "userFilter" setting so that it no longer checks memberOf - cas.authn.ldap[0].userFilter=(&(objectCategory=Person)) - authorization works correctly.
I checked my search request in the LDAPAdmin utility, and it works correctly there.