2016-04-04 11:22:42,277 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating anotherUser>
2016-04-04 11:22:42,288 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: anotherUser
WHAT: Supplied credentials: [anotherUser]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Mon Apr 04 11:22:42 UTC 2016
CLIENT IP ADDRESS: XX.ABC.P.LMN
SERVER IP ADDRESS: XX.ABC.Q.GHI
=============================================================
Hi Vallee,

I've attached the current set of 'deployConfigContext.xml' and 'cas.properties'. Log can be viewed at

The seemingly interesting portions from it are (not exactly sure what or why)

* 'successful bind must be completed on the connection'
[org.ldaptive.auth.Authenticator] - <entry resolution failed for resolver=[org.ldaptive.auth.SearchEntryResolver@499577695::factory=null, baseDn=, userFilter=null, userFilterParameters=null, allowMultipleEntries=false, subtreeSearch=false, derefAliases=null, referralHandler=null, searchEntryHandlers=null]>
org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090748, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]; remaining name 'some...@some.organization.internal'
at org.ldaptive.provider.ProviderUtils.throwOperationException

Here values (of baseDn, userFilter, subtreeSearch) are not what I provided in cas.properties and inferred in XML. I have used different names but I tried it with default names as from doc and logs had same symptoms.

* the above log is followed by 'Authentication succeeded for dn: some...@some.organization.internal'

Now this is confusing, it did but it didn't. Even the 'authenticate response' log later has tokens 'result=true, resultCode=SUCCESS'.

* then again the old log appears 'LdapAuthenticationHandler failed authenticating someuser' and the log-in fails on CAS Web-UI.
there might be 's/tyops/typos/g' in mail, multi-tasking hazards
Regards,
Abhishek Kumar ( http://abhishekkr.github.io/ )~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=ABK=~
...
p:connectionInitializer-ref="fastBindConnectionInitializer" />
<bean id="fastBindConnectionInitializer"
class="org.ldaptive.ad.extended.FastBindOperation.FastBindConnectionInitializer">
...
...
p:connectionInitializer-ref="bindConnectionInitializer" />
<bean id="bindConnectionInitializer"
class="org.ldaptive.BindConnectionInitializer"
p:bindDn="${ldap.authn.managerDN}">
<property name="bindCredential">
<bean class="org.ldaptive.Credential"
c:password="${ldap.authn.managerPassword}" />
</property>
</bean>
....
2016-04-05 13:02:47,089 DEBUG [org.ldaptive.auth.Authenticator] - <entry resolution failed for resolver=[org.ldaptive.auth.SearchEntryResolver@76445512::factory=null, baseDn=, userFilter=null, userFilterParameters=null, allowMultipleEntries=false, subtreeSearch=false, derefAliases=null, referralHandler=null, searchEntryHandlers=null]>
org.ldaptive.LdapException: javax.naming.InvalidNameException: some...@some.organization.internal: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:'some...@some.organization.internal']; remaining name 'some...@some.organization.internal'
at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55) ~[ldaptive-1.1.0.jar:?]
2016-04-06 06:46:40,298 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating someUser>
What do your CAS logs say at DEBUG?
==> /tmp/cas.log <==
2016-04-06 12:37:38,200 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@310716820::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, resolvedDn=some...@some.organization.internal, ldapEntry=[dn=some...@some.organization.internal[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]
2016-04-06 12:37:38,201 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - No ldap password policy configuration is defined
2016-04-06 12:37:38,201 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response returned as result. Creating the final LDAP principal
2016-04-06 12:37:38,201 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Creating LDAP principal for someUser based on some...@some.organization.internal
2016-04-06 12:37:38,202 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler failed authenticating someUser
2016-04-06 12:37:38,202 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler exception details: sAMAccountName attribute not found for someUser
2016-04-06 12:37:38,205 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [AuthenticationTransaction] for audit
2016-04-06 12:37:38,205 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [UsernamePasswordCredential] for audit
2016-04-06 12:37:38,207 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: someUser
WHAT: Supplied credentials: [someUser]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed Apr 06 12:37:38 UTC 2016
CLIENT IP ADDRESS: XX.ABC.P.LMN
SERVER IP ADDRESS: XX.ABC.Q.GHI
=============================================================
sAMAccountName attribute not found for someUser
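
The sequence in the DEBUG log above (the LDAP response reports `result=true` with an empty `ldapEntry=[dn=...[]]`, then CAS logs `failed authenticating` followed by `sAMAccountName attribute not found`) can be picked out of a log mechanically. The following is an added example, not part of the thread or of CAS itself; the sample lines are constructed from the quoted log, and the regular expressions and the `diagnose` function are assumptions about that line format.

```python
import re

# Constructed sample, modelled on the DEBUG lines quoted in the thread.
SAMPLE_LOG = """\
2016-04-06 12:37:38,200 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@1::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, resolvedDn=user@example.internal, ldapEntry=[dn=user@example.internal[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]
2016-04-06 12:37:38,202 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler failed authenticating someUser
2016-04-06 12:37:38,202 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler exception details: sAMAccountName attribute not found for someUser
"""

# Assumed line shapes; the trailing '>' is optional because some appenders wrap messages in <...>.
RESPONSE = re.compile(
    r"LDAP response: .*?ldapEntry=\[dn=(?P<dn>[^\[\]]*)\[(?P<attrs>.*?)\]\], accountState="
    r".*?result=(?P<result>true|false)")
FAILED = re.compile(r"(?P<handler>\w+) failed authenticating (?P<user>\S+?)>?$")
DETAILS = re.compile(r"exception details: (?P<attr>\S+) attribute not found for (?P<user>\S+?)>?$")


def diagnose(log_text):
    """Return one finding per login that CAS rejected after LDAP reported result=true."""
    findings, last = [], None
    for line in log_text.splitlines():
        m = RESPONSE.search(line)
        if m:
            last = m.groupdict()          # remember the most recent LDAP response
            continue
        m = FAILED.search(line)
        if m and last and last["result"] == "true":
            findings.append({
                "user": m["user"],
                "resolved_dn": last["dn"],
                # An empty [] after the DN means the entry came back without attributes.
                "entry_has_attributes": bool(last["attrs"]),
                "missing_attribute": None,
            })
            last = None
            continue
        m = DETAILS.search(line)
        if m and findings and findings[-1]["user"] == m["user"]:
            findings[-1]["missing_attribute"] = m["attr"]
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

A failure with no preceding `result=true` response (an ordinary rejected bind) is deliberately not reported, so the output isolates the case where the directory accepted the credentials but the principal attribute was absent from the returned entry.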