adding correct CAS community group id On Tue, Apr 5, 2016 at 5:13 PM, Abhishek [ABK] Kumar <[email protected] > wrote:
> Hi Vallee, > > I've attached the current set of 'deployConfigContext.xml' and > 'cas.properties' . > > Log can be viewed at > http://pastebin.com/fMRJ6Gug > > The seemingly interesting portion from it are (not exactly sure what or > why) > > * 'successful bind must be completed on the connection' > >> >> >> >> *[org.ldaptive.auth.Authenticator] - <entry resolution failed for >> resolver=[org.ldaptive.auth.SearchEntryResolver@499577695::factory=null, >> baseDn=, userFilter=null, userFilterParameters=null, >> allowMultipleEntries=false, subtreeSearch=false, derefAliases=null, >> referralHandler=null, searchEntryHandlers=null]>org.ldaptive.LdapException: >> javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: >> DSID-0C090748, comment: In order to perform this operation a successful >> bind must be completed on the connection., data 0, v2580]; remaining name >> '[email protected]' at >> org.ldaptive.provider.ProviderUtils.throwOperationException* > > > Here values (of baseDn, userFilter, subtreeSearch) are not what I provided > in cas.properties and inferred in XML. I have used different names but I > tried it with default names as from doc and logs had same symptoms. > > * the above log is followed by '*Authentication succeeded for dn: > [email protected]*' > > Now this is confusing, it did but it don't. Even the 'authenticate > response' log later has tokens 'result=true, resultCode=SUCCESS'. > > > * then again the old log appears 'LdapAuthenticationHandler failed > authenticating someuser' > > and the log-in fails on CAS Web-UI. > > > > > *there might be 's/tyops/typos/g' in mail, multi-tasking hazards* > > Regards, > Abhishek Kumar ( *http://abhishekkr.github.io/ > <http://abhishekkr.github.io/> )* > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~=ABK=~ > > On Tue, Apr 5, 2016 at 4:02 PM, Vallee Romain <[email protected]> > wrote: > >> Can you turn debug on ? >> >> >> Le lundi 4 avril 2016 14:24:14 UTC+2, Abhishek Kumar a écrit : >>> >>> Hi, >>> >>> I'm new to Jasig CAS setup. >>> I'm trying to get CAS setup with ActiveDirectory over LDAP (plan is for >>> LDAPS but need to get the first step done first), CAS deployed over >>> Tomcat-8. >>> >>> I'm using Maven Overlay for (master branch of >>> https://github.com/Jasig/cas-overlay-template.git) with modified >>> 'pom.xml', 'etc/cas.properties' and >>> 'src/main/webapp/WEB-INF/deployerConfigContext.xml'. I've attached here the >>> three modified files. >>> >>> This setup is starting CAS without any errors, I can open login page on >>> browser. But when I try to authenticate using one of the *existing* >>> credentials from AD. The log-in attempt fails with the very normal message >>> >>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> *2016-04-04 11:22:42,277 INFO >>>> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - >>>> <LdapAuthenticationHandler failed authenticating anotherUser>2016-04-04 >>>> 11:22:42,288 INFO >>>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >>>> trail record >>>> BEGIN=============================================================WHO: >>>> anotherUserWHAT: Supplied credentials: [anotherUser]ACTION: >>>> AUTHENTICATION_FAILEDAPPLICATION: CASWHEN: Mon Apr 04 11:22:42 UTC >>>> 2016CLIENT IP ADDRESS: XX.ABC.P.LMNSERVER IP ADDRESS: >>>> XX.ABC.Q.GHI=============================================================* >>> >>> >>> >>> My guess is one of the 'cas.properties' configuration or >>> 'deployerConfigContext.xml' attributes are messy and I'm not able to >>> identify them due to my incomplete knowledge on topic. >>> >>> Any pointers or trial guidelines will be helpful. >>> >>> Also in general critic of what is extra or missing from a good >>> configuration front would be helpful as well. Thanks >>> >>> Regards, >>> AbhishekKr >>> >> > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAKijsPPi_YP1vR5eO%3DGZKVFyzFFS8cwGXf7QtqWqYUd2hSJMqA%40mail.gmail.com. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
