authentication changes from 1.0.6


Helge Waastad

Nov 3, 2016, 6:02:22 AM
to ldaptive
Hi,
I've been running 1.0.5 for some time, but now I wanted to see if I could upgrade ldaptive.

Test code:

        ConnectionConfig connConfig = new ConnectionConfig(URL);
        connConfig.setUseStartTLS(true);
        SslConfig sslConfig = new SslConfig(new AllowAnyTrustManager());
        connConfig.setSslConfig(sslConfig);

        connConfig.setConnectionInitializer(
                new BindConnectionInitializer("<bind-dn>", new Credential("<bind-pw>")));
        DefaultConnectionFactory fac = new DefaultConnectionFactory(connConfig);
        SearchDnResolver dnResolver = new SearchDnResolver(fac);
        dnResolver.setBaseDn("<base-dn>");
        dnResolver.setSubtreeSearch(true);
        dnResolver.setUserFilter("(mail={user})");

        BindAuthenticationHandler authHandler = new BindAuthenticationHandler(fac);
        
        Authenticator auth = new Authenticator(dnResolver, authHandler);
        AuthenticationResponse response = auth.authenticate(new AuthenticationRequest("<user-email>", new Credential("<user-password>")));

In 1.0.5/1.0.6 it's working fine, but from 1.0.7 the user is not authenticated.

Probably I'm missing something here, but haven't found it yet :-)

/hw

Daniel Fisher

Nov 3, 2016, 1:18:15 PM
to ldap...@googlegroups.com
I can't think of anything that would break on a point upgrade.
Do you have any debug logs you can share?

--Daniel Fisher


Helge Waastad

Nov 4, 2016, 3:18:57 AM
to ldaptive
Hi, sure

Two outputs: the first one is for the one failing (1.0.7) and the last is the working one (1.0.6).

=== Failing ===

[main] TRACE org.ldaptive.ConnectionConfig - setting ldapUrl: ldap://ldap.waa.local
[main] TRACE org.ldaptive.ConnectionConfig - setting useStartTLS: true
[main] TRACE org.ldaptive.ConnectionConfig - setting sslConfig: [org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]
[main] TRACE org.ldaptive.BindConnectionInitializer - setting bindDn: CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local
[main] TRACE org.ldaptive.BindConnectionInitializer - setting bindCredential: <suppressed>
[main] TRACE org.ldaptive.ConnectionConfig - setting connectionInitializer: [org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]
[main] TRACE org.ldaptive.provider.jndi.JndiProviderConfig - setting operationExceptionResultCodes: [PROTOCOL_ERROR, SERVER_DOWN]
[main] TRACE org.ldaptive.provider.jndi.JndiProviderConfig - setting controlProcessor: org.ldaptive.provider.ControlProcessor@7b23ec81
[main] TRACE org.ldaptive.provider.jndi.JndiProviderConfig - setting operationExceptionResultCodes: [PROTOCOL_ERROR, SERVER_DOWN]
[main] TRACE org.ldaptive.provider.jndi.JndiProviderConfig - setting controlProcessor: org.ldaptive.provider.ControlProcessor@6acbcfc0
[main] TRACE org.ldaptive.auth.SearchDnResolver - setting baseDn: DC=waa,DC=local
[main] TRACE org.ldaptive.auth.SearchDnResolver - setting subtreeSearch: true
[main] TRACE org.ldaptive.auth.SearchDnResolver - setting userFilter: (mail={user})
[main] DEBUG org.ldaptive.auth.SearchDnResolver - resolve user=helge....@xxx.xxx
[main] DEBUG org.ldaptive.auth.SearchDnResolver - searching for DN using userFilter
[main] TRACE org.ldaptive.ssl.TLSSocketFactory - Using SSLContextInitializer=[org.ldaptive.ssl.DefaultSSLContextInitializer@1199823423::trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], keyManagers=null, createDefaultTrustManagers=false]
[main] TRACE org.ldaptive.ssl.DefaultSSLContextInitializer - Initialize SSLContext with keyManagers=null and trustManagers=[[org.ldaptive.ssl.AggregateTrustManager@2121055098::trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], trustStrategy=ALL]]
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory - [[ldapUrl=ldap://ldap.waa.local, count=0]] Attempting connection to ldap://ldap.waa.local for strategy org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@67424e82
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory - startTLS sslSocketFactory = [org.ldaptive.ssl.TLSSocketFactory@1851691492::factory=sun.security.ssl.SSLSocketFactoryImpl@2cdf8d8a, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]]
[main] DEBUG org.ldaptive.ssl.AggregateTrustManager - checkServerTrusted for org.ldaptive.ssl.AllowAnyTrustManager@4f023edb succeeded
[main] DEBUG org.ldaptive.ssl.AggregateTrustManager - invoking getAcceptedIssuers invoked for org.ldaptive.ssl.AllowAnyTrustManager@4f023edb
[main] DEBUG org.ldaptive.BindOperation - execute request=[org.ldaptive.BindRequest@183264084::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@476402209::config=[org.ldaptive.ConnectionConfig@1490180672::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@460332449::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1919892312::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@67424e82, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1851691492::factory=sun.security.ssl.SSLSocketFactoryImpl@2cdf8d8a, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], 
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@442d9b6e]
[main] DEBUG org.ldaptive.BindOperation - execute response=[org.ldaptive.Response@110718392::result=null, resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for request=[org.ldaptive.BindRequest@183264084::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@476402209::config=[org.ldaptive.ConnectionConfig@1490180672::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@460332449::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1919892312::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@67424e82, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1851691492::factory=sun.security.ssl.SSLSocketFactoryImpl@2cdf8d8a, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, 
trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@442d9b6e]
[main] DEBUG org.ldaptive.SearchOperation - execute request=[org.ldaptive.SearchRequest@2070673417::baseDn=DC=waa,DC=local, searchFilter=[org.ldaptive.SearchFilter@-287944548::filter=(mail={user}), parameters={user=helge....@xxx.xxx}], returnAttributes=[1.1], searchScope=SUBTREE, timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, followReferrals=false, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@476402209::config=[org.ldaptive.ConnectionConfig@1490180672::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@460332449::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1919892312::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@67424e82, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], 
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1851691492::factory=sun.security.ssl.SSLSocketFactoryImpl@2cdf8d8a, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@442d9b6e]
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnection - reading search result: CN=Helge Waastad,OU=Ebusiness\\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad: null:null:No attributes
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnection - formatting relative dn 'CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local'
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnection - formatted dn 'CN=Helge Waastad,OU=Ebusiness\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local'
[main] TRACE org.ldaptive.SearchOperation - Received search item=[org.ldaptive.provider.SearchItem@2111991224::searchEntry=[dn=CN=Helge Waastad,OU=Ebusiness\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local[], responseControls=null, messageId=-1]]
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnection - read search references: [ldap://DomainDnsZones.waa.local/DC=DomainDnsZones,DC=waa,DC=local, ldap://ForestDnsZones.waa.local/DC=ForestDnsZones,DC=waa,DC=local, ldap://waa.local/CN=Configuration,DC=waa,DC=local]
[main] DEBUG org.ldaptive.SearchOperation - execute response=[org.ldaptive.Response@292938459::result=[org.ldaptive.SearchResult@-960689733::entries=[[dn=CN=Helge Waastad,OU=Ebusiness\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local[], responseControls=null, messageId=-1]], references=[]], resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=[ldap://DomainDnsZones.waa.local/DC=DomainDnsZones,DC=waa,DC=local, ldap://ForestDnsZones.waa.local/DC=ForestDnsZones,DC=waa,DC=local, ldap://waa.local/CN=Configuration,DC=waa,DC=local], messageId=-1] for request=[org.ldaptive.SearchRequest@2070673417::baseDn=DC=waa,DC=local, searchFilter=[org.ldaptive.SearchFilter@-287944548::filter=(mail={user}), parameters={user=helge....@xxx.xxx}], returnAttributes=[1.1], searchScope=SUBTREE, timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, followReferrals=false, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@476402209::config=[org.ldaptive.ConnectionConfig@1490180672::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@460332449::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1919892312::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@67424e82, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1851691492::factory=sun.security.ssl.SSLSocketFactoryImpl@2cdf8d8a, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@442d9b6e]
[main] DEBUG org.ldaptive.auth.SearchDnResolver - resolved dn=CN=Helge Waastad,OU=Ebusiness\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local for user=helge....@xxx.xxx
[main] DEBUG org.ldaptive.auth.Authenticator - authenticate dn=CN=Helge Waastad,OU=Ebusiness\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local with request=[org.ldaptive.auth.AuthenticationRequest@917142466::user=helge....@xxx.xxx, retAttrs=[1.1]]
[main] DEBUG org.ldaptive.auth.BindAuthenticationHandler - authenticate criteria=[org.ldaptive.auth.AuthenticationCriteria@653305407::dn=CN=Helge Waastad,OU=Ebusiness\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@917142466::user=helge....@xxx.xxx retAttrs=[1.1]]]
[main] TRACE org.ldaptive.ssl.TLSSocketFactory - Using SSLContextInitializer=[org.ldaptive.ssl.DefaultSSLContextInitializer@1130478920::trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], keyManagers=null, createDefaultTrustManagers=false]
[main] TRACE org.ldaptive.ssl.DefaultSSLContextInitializer - Initialize SSLContext with keyManagers=null and trustManagers=[[org.ldaptive.ssl.AggregateTrustManager@1404928347::trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], trustStrategy=ALL]]
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory - [[ldapUrl=ldap://ldap.waa.local, count=0]] Attempting connection to ldap://ldap.waa.local for strategy org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@67424e82
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory - startTLS sslSocketFactory = [org.ldaptive.ssl.TLSSocketFactory@604107971::factory=sun.security.ssl.SSLSocketFactoryImpl@7637f22, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]]
[main] DEBUG org.ldaptive.ssl.AggregateTrustManager - checkServerTrusted for org.ldaptive.ssl.AllowAnyTrustManager@4f023edb succeeded
[main] DEBUG org.ldaptive.ssl.AggregateTrustManager - invoking getAcceptedIssuers invoked for org.ldaptive.ssl.AllowAnyTrustManager@4f023edb
[main] DEBUG org.ldaptive.auth.BindAuthenticationHandler - authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@370988149::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1395089624::config=[org.ldaptive.ConnectionConfig@1490180672::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1476011703::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1919892312::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@67424e82, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@604107971::factory=sun.security.ssl.SSLSocketFactoryImpl@7637f22, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@5f8ed237], result=false, 
resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839

=== Working ===

[main] TRACE org.ldaptive.ConnectionConfig - setting ldapUrl: ldap://ldap.waa.local
[main] TRACE org.ldaptive.ConnectionConfig - setting useStartTLS: true
[main] TRACE org.ldaptive.ConnectionConfig - setting sslConfig: [org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]
[main] TRACE org.ldaptive.BindConnectionInitializer - setting bindDn: CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local
[main] TRACE org.ldaptive.BindConnectionInitializer - setting bindCredential: <suppressed>
[main] TRACE org.ldaptive.ConnectionConfig - setting connectionInitializer: [org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]
[main] TRACE org.ldaptive.provider.jndi.JndiProviderConfig - setting operationExceptionResultCodes: [PROTOCOL_ERROR, SERVER_DOWN]
[main] TRACE org.ldaptive.provider.jndi.JndiProviderConfig - setting controlProcessor: org.ldaptive.provider.ControlProcessor@7b23ec81
[main] TRACE org.ldaptive.provider.jndi.JndiProviderConfig - setting operationExceptionResultCodes: [PROTOCOL_ERROR, SERVER_DOWN]
[main] TRACE org.ldaptive.provider.jndi.JndiProviderConfig - setting controlProcessor: org.ldaptive.provider.ControlProcessor@6acbcfc0
[main] TRACE org.ldaptive.auth.SearchDnResolver - setting baseDn: DC=waa,DC=local
[main] TRACE org.ldaptive.auth.SearchDnResolver - setting subtreeSearch: true
[main] TRACE org.ldaptive.auth.SearchDnResolver - setting userFilter: (mail={user})
[main] DEBUG org.ldaptive.auth.SearchDnResolver - resolve user=helge....@xxx.xxx
[main] DEBUG org.ldaptive.auth.SearchDnResolver - searching for DN using userFilter
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory - [[ldapUrl=ldap://ldap.waa.local, count=0]] Attempting connection to ldap://ldap.waa.local for strategy org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@5c29bfd
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory - startTLS sslSocketFactory = [org.ldaptive.ssl.TLSSocketFactory@1268447657::factory=sun.security.ssl.SSLSocketFactoryImpl@5387f9e0, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]]
[main] DEBUG org.ldaptive.ssl.AggregateTrustManager - checkServerTrusted for org.ldaptive.ssl.AllowAnyTrustManager@4f023edb succeeded
[main] DEBUG org.ldaptive.ssl.AggregateTrustManager - invoking getAcceptedIssuers invoked for org.ldaptive.ssl.AllowAnyTrustManager@4f023edb
[main] DEBUG org.ldaptive.BindOperation - execute request=[org.ldaptive.BindRequest@2121744517::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1066376662::config=[org.ldaptive.ConnectionConfig@183264084::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@476402209::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1490180672::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@5c29bfd, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1268447657::factory=sun.security.ssl.SSLSocketFactoryImpl@5387f9e0, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], 
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@1b701da1]
[main] DEBUG org.ldaptive.BindOperation - execute response=[org.ldaptive.Response@517938326::result=null, resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for request=[org.ldaptive.BindRequest@2121744517::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1066376662::config=[org.ldaptive.ConnectionConfig@183264084::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@476402209::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1490180672::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@5c29bfd, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1268447657::factory=sun.security.ssl.SSLSocketFactoryImpl@5387f9e0, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, 
trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@1b701da1]
[main] DEBUG org.ldaptive.SearchOperation - execute request=[org.ldaptive.SearchRequest@1609268095::baseDn=DC=waa,DC=local, searchFilter=[org.ldaptive.SearchFilter@-287944548::filter=(mail={user}), parameters={user=helge....@xxx.xxx}], returnAttributes=[1.1], searchScope=SUBTREE, timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, followReferrals=false, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1066376662::config=[org.ldaptive.ConnectionConfig@183264084::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@476402209::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1490180672::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@5c29bfd, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], 
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1268447657::factory=sun.security.ssl.SSLSocketFactoryImpl@5387f9e0, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@1b701da1]
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnection - reading search result: CN=Helge Waastad,OU=Ebusiness\\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad: null:null:No attributes
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnection - formatting relative dn 'CN=Helge Waastad,OU=Ebusiness\\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad' with baseDn 'DC=waa,DC=local'
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnection - formatted dn 'CN=Helge Waastad,OU=Ebusiness\\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad' as 'CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local'
[main] TRACE org.ldaptive.SearchOperation - Received search item=[org.ldaptive.provider.SearchItem@359023572::searchEntry=[dn=CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local[], responseControls=null, messageId=-1]]
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnection - read search references: [ldap://DomainDnsZones.waa.local/DC=DomainDnsZones,DC=waa,DC=local, ldap://ForestDnsZones.waa.local/DC=ForestDnsZones,DC=waa,DC=local, ldap://waa.local/CN=Configuration,DC=waa,DC=local]
[main] DEBUG org.ldaptive.SearchOperation - execute response=[org.ldaptive.Response@305808283::result=[org.ldaptive.SearchResult@2069364391::entries=[[dn=CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local[], responseControls=null, messageId=-1]], references=[]], resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=[ldap://DomainDnsZones.waa.local/DC=DomainDnsZones,DC=waa,DC=local, ldap://ForestDnsZones.waa.local/DC=ForestDnsZones,DC=waa,DC=local, ldap://waa.local/CN=Configuration,DC=waa,DC=local], messageId=-1] for request=[org.ldaptive.SearchRequest@1609268095::baseDn=DC=waa,DC=local, searchFilter=[org.ldaptive.SearchFilter@-287944548::filter=(mail={user}), parameters={user=helge....@xxx.xxx}], returnAttributes=[1.1], searchScope=SUBTREE, timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, followReferrals=false, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1066376662::config=[org.ldaptive.ConnectionConfig@183264084::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@476402209::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1490180672::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@5c29bfd, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1268447657::factory=sun.security.ssl.SSLSocketFactoryImpl@5387f9e0, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@1b701da1]
[main] DEBUG org.ldaptive.auth.SearchDnResolver - resolved dn=CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local for user=helge....@xxx.xxx
[main] DEBUG org.ldaptive.auth.Authenticator - authenticate dn=CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local with request=[org.ldaptive.auth.AuthenticationRequest@2111991224::user=helge....@xxx.xxx, retAttrs=[1.1]]
[main] DEBUG org.ldaptive.auth.BindAuthenticationHandler - authenticate criteria=[org.ldaptive.auth.AuthenticationCriteria@1993134103::dn=CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@2111991224::user=helge....@xxx.xxx retAttrs=[1.1]]]
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory - [[ldapUrl=ldap://ldap.waa.local, count=0]] Attempting connection to ldap://ldap.waa.local for strategy org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@5c29bfd
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory - startTLS sslSocketFactory = [org.ldaptive.ssl.TLSSocketFactory@405662939::factory=sun.security.ssl.SSLSocketFactoryImpl@26f0a63f, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]]
[main] DEBUG org.ldaptive.ssl.AggregateTrustManager - checkServerTrusted for org.ldaptive.ssl.AllowAnyTrustManager@4f023edb succeeded
[main] DEBUG org.ldaptive.ssl.AggregateTrustManager - invoking getAcceptedIssuers invoked for org.ldaptive.ssl.AllowAnyTrustManager@4f023edb
[main] DEBUG org.ldaptive.auth.BindAuthenticationHandler - authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@1227229563::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1982791261::config=[org.ldaptive.ConnectionConfig@183264084::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1562557367::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1490180672::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@5c29bfd, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@405662939::factory=sun.security.ssl.SSLSocketFactoryImpl@26f0a63f, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@41a4555e], result=true, 
resultCode=SUCCESS, message=null, controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@1993134103::dn=CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@2111991224::user=helge....@xxx.xxx, retAttrs=[1.1]]]
[main] TRACE org.ldaptive.auth.Authenticator - resolved entry=[dn=CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local[]] with resolver=[org.ldaptive.auth.NoOpEntryResolver@942731712]
[main] INFO org.ldaptive.auth.Authenticator - Authentication succeeded for dn: CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local
[main] DEBUG org.ldaptive.auth.Authenticator - authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@1227229563::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1982791261::config=[org.ldaptive.ConnectionConfig@183264084::ldapUrl=ldap://ldap.waa.local, connectTimeout=-1, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@142257191::bindDn=CN=Kompetanse Web,OU=Service Accounts,OU=waastad,DC=waa,DC=local, bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1562557367::metadata=[ldapUrl=ldap://ldap.waa.local, count=1], environment={java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1490180672::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@5c29bfd, controlProcessor=org.ldaptive.provider.ControlProcessor@6acbcfc0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@405662939::factory=sun.security.ssl.SSLSocketFactoryImpl@26f0a63f, sslConfig=[org.ldaptive.ssl.SslConfig@1067040082::credentialConfig=null, trustManagers=[org.ldaptive.ssl.AllowAnyTrustManager@4f023edb], enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=null], result=true, resultCode=SUCCESS, message=null, controls=null] for dn=CN=Helge 
Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local with request=[org.ldaptive.auth.AuthenticationRequest@2111991224::user=helge....@xxx.xxx, retAttrs=[1.1]]

Daniel Fisher

Nov 4, 2016, 12:53:55 PM11/4/16
to ldap...@googlegroups.com
Version 1.0.7 included this fix: https://github.com/vt-middleware/ldaptive/issues/36
Which changed the DN formatting to use SearchResult#getNameInNamespace from SearchResult#getName.
This is apparently losing one of the backslashes in your DN, which is causing authentication to fail.

With Java, JNDI, and LDAP, backslashes can get confusing.
How many backslashes should that DN contain?

--Daniel Fisher

On Fri, Nov 4, 2016 at 3:18 AM Helge Waastad <helge....@gmail.com> wrote:
=== Failing ===

[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnection - formatting relative dn 'CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local'
[main] TRACE org.ldaptive.provider.jndi.JndiStartTLSConnection - formatted dn 'CN=Helge Waastad,OU=Ebusiness\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=waastad,DC=waa,DC=local'

 
=== Working ===
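
The backslash loss discussed in this message can be reproduced with JDK classes alone. The following is an added illustration, not ldaptive's code and not part of the original thread; the DN is a constructed sample, and the class and method names are hypothetical.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnBackslashDemo {

    // Constructed sample DN (not the poster's). As a Java literal, "\\\\" is the
    // two-character sequence \\ : the RFC 4514 escape for one literal backslash.
    static final String DN = "CN=Jane Doe,OU=Dept\\\\Team,DC=example,DC=org";

    // Reads the string as a JNDI composite name. That syntax uses '\' as its own
    // escape character, so each "\\" pair is reduced to a single "\".
    static String asCompositeName(String s) throws InvalidNameException {
        return new CompositeName(s).get(0);
    }

    // Reads the string as an LDAP DN and re-serializes it from the parsed RDNs,
    // so the backslash in the value is escaped again on output.
    static String asLdapName(String s) throws InvalidNameException {
        return new LdapName(new LdapName(s).getRdns()).toString();
    }

    // True when the JDK's LDAP name parser accepts the string as a DN.
    static boolean parsesAsDn(String s) {
        try {
            new LdapName(s);
            return true;
        } catch (InvalidNameException | IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        String collapsed = asCompositeName(DN);
        System.out.println("input:          " + DN);
        System.out.println("composite name: " + collapsed);
        System.out.println("LdapName:       " + asLdapName(DN));
        for (Rdn rdn : new LdapName(DN).getRdns()) {
            System.out.println("  " + rdn.getType() + " value = " + rdn.getValue());
        }
        System.out.println("collapsed form parses as a DN: " + parsesAsDn(collapsed));
    }
}
```

The composite-name output carries `OU=Dept\Team`, the same single-backslash shape as the "formatted dn" trace line quoted above, while the LDAP-name round trip keeps `OU=Dept\\Team`.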

Daniel Fisher

Nov 4, 2016, 5:51:58 PM11/4/16
to ldap...@googlegroups.com
I attempted to reproduce this with OpenLDAP and it always escapes backslash in the DN.
What directory are you using?

--Daniel Fisher

Helge Waastad

Nov 5, 2016, 4:02:00 AM11/5/16
to ldaptive
Hi,
thanks for testing.

I'll see if I can do another test a little later today.

I'm using Microsoft AD.

/hw

Helge Waastad

Nov 5, 2016, 12:10:42 PM11/5/16
to ldaptive
Hi,
did an ldapsearch lookup and the response is:

distinguishedName: CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU
 =Oslo,OU=Users,OU=waastad,DC=waa,DC=local

/hw

We're using both 2012 R2 and 2016 and response is the same for all.

/hw

Daniel Fisher

Nov 7, 2016, 5:55:46 AM11/7/16
to ldap...@googlegroups.com
Can you try your java code using the UnboundID provider?
-Dorg.ldaptive.provider=org.ldaptive.provider.unboundid.UnboundIDProvider
Does authentication succeed, and what DN do the logs report?

--Daniel Fisher

Helge Waastad

Nov 7, 2016, 3:56:40 PM11/7/16
to ldaptive
No problem,

BTW, is there an easy way of allowing all certs (hosts) while using unboundid?

Using AllowAnyTrustManager for standard works for testing, but unbound apparently needs another config.

/hw

Helge Waastad

Nov 9, 2016, 8:39:59 AM11/9/16
to ldaptive
Hi,
after some testing I got unboundid (and my certs) working.

UnboundId succeeds with
resolved entry=[dn=CN=Helge Waastad,OU=Ebusiness\\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=Waastad,DC=waa,DC=local

while default provider:
 resolved entry=[dn=CN=Helge Waastad,OU=Ebusiness\System,OU=Fellestjenester,OU=Oslo,OU=Users,OU=Waastad,DC=waa,DC=local

/hw




On Monday, 7 November 2016 at 11:55:46 UTC+1, dfisher wrote:

Daniel Fisher

Nov 9, 2016, 9:34:21 AM11/9/16
to ldap...@googlegroups.com
I was able to confirm your issue and I pushed a patch for it.
Can you confirm the fix by testing with the latest snapshot?


Thanks.

--Daniel Fisher

Helge Waastad

Nov 9, 2016, 3:23:55 PM11/9/16
to ldaptive
Hi
I can confirm that the snapshot works fine.

/hw