CAS 6.3.4 LDAP LPPE configuration problems

Paweł Dziuba

Sep 24, 2021, 7:36:11 AM
to CAS Community
Hi!
I am trying to implement LPPE for LDAP authentication but I seem to have trouble getting it where I want it to be.

I added password policy configuration for one of my LDAP connections, and the logs suggest that the account is correctly recognized as disabled, but I still end up on the login screen with a general error message instead of going to accountDisabledView.

The piece of config I added:
cas.authn.ldap[4].passwordPolicy.type=AD
cas.authn.ldap[4].passwordPolicy.enabled=true
cas.authn.ldap[4].passwordPolicy.account-state-handling-enabled=true
cas.authn.ldap[4].passwordPolicy.strategy=DEFAULT



And the log returned for the specific domain looks like this:

[...] authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resultCode=INVALID_CREDENTIALS, matchedDN=, diagnosticMessage=8009030C: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 533, v4563
2021-09-24 13:15:09,660 DEBUG [org.apereo.cas.authentication.support.DefaultLdapAccountStateHandler] - <Handling LDAP account state error [ACCOUNT_DISABLED]>
2021-09-24 13:15:09,661 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [].>


Any help would be useful.
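
Added example (not part of the original post and not CAS code): a small Python helper that decodes the hexadecimal Active Directory sub-code in the `data 533` field of the bind error quoted above and checks it against the account state CAS logs as handled. The function names and the label table are this example's own assumptions; only ACCOUNT_DISABLED appears in the post's log.

```python
import re

# Commonly documented AD bind sub-codes (hex value of the "data NNN" field).
# Labels are this example's own; ACCOUNT_DISABLED matches the CAS log above.
AD_SUBCODES = {
    0x525: "NO_SUCH_USER",
    0x52E: "INVALID_CREDENTIALS",
    0x530: "INVALID_LOGON_HOURS",
    0x531: "INVALID_WORKSTATION",
    0x532: "PASSWORD_EXPIRED",
    0x533: "ACCOUNT_DISABLED",
    0x701: "ACCOUNT_EXPIRED",
    0x773: "PASSWORD_MUST_CHANGE",
    0x775: "ACCOUNT_LOCKED_OUT",
}
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)\b")
HANDLED_RE = re.compile(r"Handling LDAP account state error \[([A-Z_]+)\]")

def decode_diagnostic(message):
    """Return (subcode, label) from an AD diagnosticMessage, or None if absent."""
    m = DATA_RE.search(message)
    if m is None:
        return None
    code = int(m.group(1), 16)  # the field is hexadecimal: "52e", "533", ...
    return code, AD_SUBCODES.get(code, "UNKNOWN")

def triage(lines):
    """Pair each AD sub-code with the state CAS next reports handling."""
    findings, pending = [], None
    for line in lines:
        pending = decode_diagnostic(line) or pending
        handled = HANDLED_RE.search(line)  # may share a line with the bind error
        if handled and pending:
            code, label = pending
            findings.append({"subcode": format(code, "x"), "directory": label,
                             "cas": handled.group(1),
                             "consistent": label == handled.group(1)})
            pending = None
    return findings

# Sample input abridged from the log excerpt in the post.
SAMPLE_LOG = [
    "resultCode=INVALID_CREDENTIALS, diagnosticMessage=8009030C: LdapErr: "
    "DSID-0C090439, comment: AcceptSecurityContext error, data 533, v4563",
    "2021-09-24 13:15:09,660 DEBUG [org.apereo.cas.authentication.support."
    "DefaultLdapAccountStateHandler] - <Handling LDAP account state error [ACCOUNT_DISABLED]>",
]

print(triage(SAMPLE_LOG))
```

A `consistent` value of true means the directory's sub-code and the state CAS logged agree, so the account state was detected correctly on the LDAP side.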