Hi Misagh,

The CAS log in debug mode shows the following trail during a log-in attempt.
I've attached the deploymentConfigContext.xml and cas.properties used for
this attempt.


==> /tmp/cas.log <==
2016-04-06 12:37:38,200 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@310716820::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, [email protected], ldapEntry=[[email protected][]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]
2016-04-06 12:37:38,201 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - No ldap password policy configuration is defined
2016-04-06 12:37:38,201 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response returned as result. Creating the final LDAP principal
2016-04-06 12:37:38,201 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Creating LDAP principal for someUser based on [email protected]
2016-04-06 12:37:38,202 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler failed authenticating someUser
2016-04-06 12:37:38,202 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler exception details: sAMAccountName attribute not found for someUser
2016-04-06 12:37:38,205 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [AuthenticationTransaction] for audit
2016-04-06 12:37:38,205 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [UsernamePasswordCredential] for audit
2016-04-06 12:37:38,207 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN=============================================================
WHO: someUser
WHAT: Supplied credentials: [someUser]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed Apr 06 12:37:38 UTC 2016
CLIENT IP ADDRESS: XX.ABC.P.LMN
SERVER IP ADDRESS: XX.ABC.Q.GHI
=============================================================



Also, apart from this, I tried using the '<ldaptive:>' node for 'authenticator'. That
failed authentication with the error 'dn=null', i.e. 'DN can't be resolved'.






*there might be 's/tyops/typos/g' in mail, multi-tasking hazards*

Regards,
Abhishek Kumar ( http://abhishekkr.github.io/ )
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~=ABK=~
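
A triage helper for the DEBUG trail above, added here as an example rather than code from CAS or ldaptive: it pairs the LdapAuthenticationHandler 'LDAP response' line with the 'exception details' line and reads principalIdAttribute from the attached deployerConfigContext.xml, so a SUCCESS bind whose resolved entry carries no attributes is reported as an entry-resolution problem instead of a credential problem. The sample lines are constructed from the quoted trail (a made-up UPN replaces the archive's redacted address), and the resolvedDn field name and the dn[attributes] entry rendering are assumed from ldaptive's toString output.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample modelled on the DEBUG trail quoted in this thread; the
# archive's redacted "[email protected]" is replaced with a made-up UPN.
SAMPLE_LOG = """\
2016-04-06 12:37:38,200 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@310716820::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, resolvedDn=someUser@example.com, ldapEntry=[someUser@example.com[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]
2016-04-06 12:37:38,201 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Creating LDAP principal for someUser based on someUser@example.com
2016-04-06 12:37:38,202 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler failed authenticating someUser
2016-04-06 12:37:38,202 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler exception details: sAMAccountName attribute not found for someUser
"""

# The handler bean from the attached deployerConfigContext.xml, trimmed to the
# attribute this check needs.
SAMPLE_HANDLER_XML = """\
<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="sAMAccountName"
      c:authenticator-ref="authenticator">
"""

# Field order follows the quoted AuthenticationResponse line: ldapEntry is
# printed before resultCode.
RESPONSE_RE = re.compile(
    r"LDAP response: \[.*?ldapEntry=\[(?P<entry>.*?)\], accountState=.*?resultCode=(?P<code>\w+)"
)
MISSING_RE = re.compile(
    r"exception details: (?P<attr>\S+) attribute not found for (?P<user>\S+)"
)
PRINCIPAL_ID_RE = re.compile(r'p:principalIdAttribute="(?P<attr>[^"]+)"')


@dataclass
class Finding:
    user: Optional[str] = None
    bind_result_code: Optional[str] = None
    entry_dn: Optional[str] = None
    entry_has_attributes: bool = False
    missing_attribute: Optional[str] = None
    configured_principal_id: Optional[str] = None
    diagnosis: List[str] = field(default_factory=list)


def parse_entry(entry: str) -> Tuple[str, bool]:
    """Split ldaptive's 'dn[attributes]' entry rendering into (dn, has_attrs).

    The rendering is assumed from the 'ldapEntry=[...[]]' seen in the thread:
    a bare '[]' after the DN means the entry resolver returned no attributes.
    """
    open_idx = entry.find("[")
    if open_idx < 0:
        return entry, False
    dn, attrs = entry[:open_idx], entry[open_idx:].strip()
    return dn, attrs not in ("", "[]")


def triage(log_text: str, handler_xml: str) -> Finding:
    """Correlate the LDAP response line with the handler's failure line."""
    f = Finding()
    m = PRINCIPAL_ID_RE.search(handler_xml)
    f.configured_principal_id = m.group("attr") if m else None
    for line in log_text.splitlines():
        m = RESPONSE_RE.search(line)
        if m:
            f.bind_result_code = m.group("code")
            f.entry_dn, f.entry_has_attributes = parse_entry(m.group("entry"))
            continue
        m = MISSING_RE.search(line)
        if m:
            f.missing_attribute, f.user = m.group("attr"), m.group("user")
    if f.bind_result_code == "SUCCESS" and f.missing_attribute:
        f.diagnosis.append(
            "bind returned SUCCESS: credentials are fine, the failure is in principal creation")
    if f.missing_attribute and not f.entry_has_attributes:
        f.diagnosis.append(
            "resolved entry has no attributes: the entry resolver/userFilter, not the bind, needs attention")
    if (f.missing_attribute and f.configured_principal_id
            and f.missing_attribute != f.configured_principal_id):
        f.diagnosis.append(
            "error names a different attribute than principalIdAttribute: CAS loaded a different config than the one attached")
    return f


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, SAMPLE_HANDLER_XML)
    print(f"user={result.user} bind={result.bind_result_code} dn={result.entry_dn}")
    for note in result.diagnosis:
        print(" -", note)
```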

On Wed, Apr 6, 2016 at 4:57 PM, Misagh Moayyed <[email protected]> wrote:

> What do your CAS logs say at DEBUG?
>
>
>
> *From:* Abhishek [ABK] Kumar [mailto:[email protected]]
> *Sent:* Wednesday, April 6, 2016 1:22 AM
> *To:* Vallee Romain <[email protected]>
> *Cc:* CAS Community <[email protected]>; Misagh Moayyed <
> [email protected]>; jasig-cas-user <[email protected]>
> *Subject:* Re: "LdapAuthenticationHandler failed authenticating
> anotherUser <Username>" error in CAS, LDAP, ActiveDirectory
>
>
>
> Current state, with ldaptive debug on
>
> There are no errors displayed in any logs. The log portion for the log-in is
> available here: 'http://pastebin.com/4U85FfEs'.
>
>
>
> Logs show 'resultCode=SUCCESS' for all of the following:
>
> * 'org.ldaptive.SearchOperation',
>
> * 'org.ldaptive.BindOperation',
>
> * 'org.ldaptive.auth.PooledBindAuthenticationHandler',
>
> * 'org.ldaptive.auth.Authenticator'.
>
>
>
> Then it just prints
>
>
> 2016-04-06 06:46:40,298 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating someUser>
>
>
> I'm stuck now, as there are no errors/severe/warn entries in the logs to go after.
>
>
>
> I've attached the current updated state of the modified files
> (deployConfigContext.xml, cas.properties, pom.xml) from the Maven Overlay.
>
>
>
> *there might be 's/tyops/typos/g' in mail, multi-tasking hazards*
>
>
>
> Regards,
> Abhishek Kumar ( http://abhishekkr.github.io/ )
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ~=ABK=~
>
>
>
> On Tue, Apr 5, 2016 at 6:41 PM, Abhishek [ABK] Kumar <
> [email protected]> wrote:
>
> Hi,
>
>
>
> I did a little tweak to 'deployerConfigContext.xml' regarding 'bind', from
>
> ...
>     p:connectionInitializer-ref="fastBindConnectionInitializer" />
> <bean id="fastBindConnectionInitializer"
>       class="org.ldaptive.ad.extended.FastBindOperation.FastBindConnectionInitializer">
> ...
>
> to
>
> ...
>     p:connectionInitializer-ref="bindConnectionInitializer" />
> <bean id="bindConnectionInitializer"
>       class="org.ldaptive.BindConnectionInitializer"
>       p:bindDn="${ldap.authn.managerDN}">
>     <property name="bindCredential">
>         <bean class="org.ldaptive.Credential"
>               c:password="${ldap.authn.managerPassword}" />
>     </property>
> </bean>
> ...
>
>
>
>
>
>
>
> And now the bind error has been replaced by
>
>
>
>
>
> 'problem 2006 (BAD_NAME), data 8350'
>
> 2016-04-05 13:02:47,089 DEBUG [org.ldaptive.auth.Authenticator] - <entry resolution failed for resolver=[org.ldaptive.auth.SearchEntryResolver@76445512::factory=null, baseDn=, userFilter=null, userFilterParameters=null, allowMultipleEntries=false, subtreeSearch=false, derefAliases=null, referralHandler=null, searchEntryHandlers=null]>
> org.ldaptive.LdapException: javax.naming.InvalidNameException: [email protected]: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
> '[email protected]'
> ]; remaining name '[email protected]'
> at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55) ~[ldaptive-1.1.0.jar:?]
>
>
>
>
>
> The other 2 success logs, and then the auth failure, are still the same.
>
>
>
>
>
>
>
>
>
> *there might be 's/tyops/typos/g' in mail, multi-tasking hazards*
>
>
>
> Regards,
> Abhishek Kumar ( http://abhishekkr.github.io/ )
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ~=ABK=~
>
>
>
> On Tue, Apr 5, 2016 at 5:22 PM, Abhishek [ABK] Kumar <
> [email protected]> wrote:
>
> adding correct CAS community group id
>
>
>
> On Tue, Apr 5, 2016 at 5:13 PM, Abhishek [ABK] Kumar <
> [email protected]> wrote:
>
> Hi Vallee,
>
>
>
> I've attached the current set of 'deployConfigContext.xml' and
> 'cas.properties'.
>
>
>
> Log can be viewed at
>
> http://pastebin.com/fMRJ6Gug
>
>
>
> The seemingly interesting portions from it are (not exactly sure what or
> why):
>
>
>
> * 'successful bind must be completed on the connection'
>
> [org.ldaptive.auth.Authenticator] - <entry resolution failed for resolver=[org.ldaptive.auth.SearchEntryResolver@499577695::factory=null, baseDn=, userFilter=null, userFilterParameters=null, allowMultipleEntries=false, subtreeSearch=false, derefAliases=null, referralHandler=null, searchEntryHandlers=null]>
> org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090748, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]; remaining name '[email protected]'
> at org.ldaptive.provider.ProviderUtils.throwOperationException
>
>
>
> Here the values (of baseDn, userFilter, subtreeSearch) are not what I provided
> in cas.properties and inferred in the XML. I have used different names, but I
> tried it with the default names from the doc and the logs had the same symptoms.
>
>
>
> * the above log is followed by 'Authentication succeeded for dn: [email protected]'
>
>
>
> Now this is confusing: it did, but it doesn't. Even the 'authenticate
> response' log later has the tokens 'result=true, resultCode=SUCCESS'.
>
>
>
>
>
> * then again the old log appears: 'LdapAuthenticationHandler failed
> authenticating someuser'
>
>
>
> and the log-in fails on CAS Web-UI.
>
>
>
>
>
>
>
> *there might be 's/tyops/typos/g' in mail, multi-tasking hazards*
>
>
>
> Regards,
> Abhishek Kumar ( http://abhishekkr.github.io/ )
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ~=ABK=~
>
>
>
> On Tue, Apr 5, 2016 at 4:02 PM, Vallee Romain <[email protected]>
> wrote:
>
> Can you turn debug on?
>
>
>
>
> On Monday, April 4, 2016 at 14:24:14 UTC+2, Abhishek Kumar wrote:
>
> Hi,
>
>
>
> I'm new to Jasig CAS setup.
> I'm trying to get CAS set up with ActiveDirectory over LDAP (the plan is
> LDAPS, but I need to get the first step done first), with CAS deployed on
> Tomcat-8.
>
>
>
> I'm using the Maven Overlay (master branch of
> https://github.com/Jasig/cas-overlay-template.git) with modified
> 'pom.xml', 'etc/cas.properties' and
> 'src/main/webapp/WEB-INF/deployerConfigContext.xml'. I've attached the
> three modified files here.
>
>
>
> This setup starts CAS without any errors, and I can open the login page in a
> browser. But when I try to authenticate using one of the *existing*
> credentials from AD, the log-in attempt fails with the very normal message
>
> 2016-04-04 11:22:42,277 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating anotherUser>
> 2016-04-04 11:22:42,288 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN=============================================================
> WHO: anotherUser
> WHAT: Supplied credentials: [anotherUser]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Mon Apr 04 11:22:42 UTC 2016
> CLIENT IP ADDRESS: XX.ABC.P.LMN
> SERVER IP ADDRESS: XX.ABC.Q.GHI
> =============================================================
>
>
>
>
>
> My guess is that one of the 'cas.properties' configuration or
> 'deployerConfigContext.xml' attributes is messy, and I'm not able to
> identify it due to my incomplete knowledge of the topic.
>
>
>
> Any pointers or trial guidelines will be helpful.
>
>
>
> Also, in general, a critique of what is extra or missing from a good
> configuration front would be helpful as well. Thanks
>
>
>
> Regards,
>
> AbhishekKr
>
>
>
>
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAKijsPNwcauJ6-kWUtCLSGkJbtTJWD6w4ou%2ByCLAQNbmvcjhow%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Attachment: pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-overlay</artifactId>
    <packaging>war</packaging>
    <version>1.0</version>

    <build>
        <plugins>
            <plugin>
                <groupId>com.rimerosolutions.maven.plugins</groupId>
                <artifactId>wrapper-maven-plugin</artifactId>
                <version>0.0.4</version>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>2.6</version>
                <configuration>
                    <warName>cas</warName>
                    <overlays>
                        <overlay>
                            <groupId>org.jasig.cas</groupId>
                            <artifactId>cas-server-webapp</artifactId>
                            <excludes>
                                <exclude>WEB-INF/cas.properties</exclude>
                                <exclude>WEB-INF/classes/log4j2.xml</exclude>
                            </excludes>
                        </overlay>
                    </overlays>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.3</version>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.eclipse.jetty</groupId>
                <artifactId>jetty-maven-plugin</artifactId>
                <version>${maven-jetty-plugin.version}</version>
                <configuration>
                    <jettyXml>${basedir}/etc/jetty/jetty.xml,${basedir}/etc/jetty/jetty-ssl.xml,${basedir}/etc/jetty/jetty-https.xml</jettyXml>
                    <systemProperties>
                        <systemProperty>
                            <name>org.eclipse.jetty.annotations.maxWait</name>
                            <value>240</value>
                        </systemProperty>
                    </systemProperties>
                    <webApp>
                        <contextPath>/cas</contextPath>
                        <overrideDescriptor>${basedir}/etc/jetty/web.xml</overrideDescriptor>
                    </webApp>
                    <webAppConfig>
                        <allowDuplicateFragmentNames>true</allowDuplicateFragmentNames>
                    </webAppConfig>
                    <jvmArgs>-Dlog4j.configurationFile=/etc/cas/log4j2.xml -Xdebug -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=n</jvmArgs>
                </configuration>
            </plugin>
        </plugins>
        <finalName>cas</finalName>
    </build>

    <dependencies>
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-webapp</artifactId>
            <version>${cas.version}</version>
            <type>war</type>
            <scope>runtime</scope>
        </dependency>
        <dependency>
          <groupId>org.jasig.cas</groupId>
          <artifactId>cas-server-support-ldap</artifactId>
          <version>${cas.version}</version>
        </dependency>

        <!-- For debugging in IDE -->
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-core</artifactId>
            <version>${cas.version}</version>
        </dependency>

        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-support-saml</artifactId>
            <version>${cas.version}</version>
            <scope>runtime</scope>
        </dependency>

    </dependencies>

    <properties>
        <cas.version>4.2.0</cas.version>
        <maven-jetty-plugin.version>9.3.6.v20151106</maven-jetty-plugin.version>
        <maven.compiler.source>1.7</maven.compiler.source>
        <maven.compiler.target>1.7</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <repositories>
        <repository>
            <id>sonatype-releases</id>
            <url>http://oss.sonatype.org/content/repositories/releases/</url>
        </repository>
        <repository>
            <id>sonatype-snapshots</id>
            <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
        </repository>
    </repositories>
</project>
Attachment: log4j2.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!-- Specify the refresh interval in seconds. -->
<Configuration monitorInterval="60">
    <Appenders>
        <Console name="console" target="SYSTEM_OUT">
            <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
        </Console>
        <RollingFile name="file" fileName="/tmp/cas.log" append="true"
                     filePattern="cas-%d{yyyy-MM-dd-HH}-%i.log">
            <PatternLayout pattern="%d %p [%c] - %m%n"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10 MB"/>
                <TimeBasedTriggeringPolicy />
            </Policies>
        </RollingFile>
        <RollingFile name="auditlogfile" fileName="/tmp/cas_audit.log" append="true"
                     filePattern="cas_audit-%d{yyyy-MM-dd-HH}-%i.log">
            <PatternLayout pattern="%d %p [%c] - %m%n"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10 MB"/>
                <TimeBasedTriggeringPolicy />
            </Policies>
        </RollingFile>
        <RollingFile name="perfFileAppender" fileName="/tmp/perfStats.log" append="true"
                     filePattern="perfStats-%d{yyyy-MM-dd-HH}-%i.log">
            <PatternLayout pattern="%m%n"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10 MB"/>
                <TimeBasedTriggeringPolicy />
            </Policies>
        </RollingFile>
    </Appenders>
    <Loggers>
        <AsyncLogger  name="org.jasig" level="info" additivity="false" includeLocation="true">
            <AppenderRef ref="console"/>
            <AppenderRef ref="file"/>
        </AsyncLogger>
        <AsyncLogger  name="org.springframework" level="warn" />
        <AsyncLogger name="org.springframework.webflow" level="warn" />
        <AsyncLogger name="org.springframework.web" level="warn" />
        <Logger name="org.pac4j" level="warn" />

        <AsyncLogger name="perfStatsLogger" level="info" additivity="false" includeLocation="true">
            <AppenderRef ref="perfFileAppender"/>
        </AsyncLogger>

        <AsyncLogger name="org.jasig.cas.web.flow" level="info" additivity="true" includeLocation="true">
            <AppenderRef ref="file"/>
        </AsyncLogger>
        <AsyncLogger name="org.jasig.inspektr.audit.support" level="info" includeLocation="true">
            <AppenderRef ref="auditlogfile"/>
            <AppenderRef ref="file"/>
        </AsyncLogger>
        <AsyncRoot level="error">
            <AppenderRef ref="console"/>
        </AsyncRoot>
    </Loggers>
</Configuration>
Attachment: deployerConfigContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <util:map id="authenticationHandlersResolvers">
        <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
    </util:map>

    <util:list id="authenticationMetadataPopulators">
        <ref bean="successfulHandlerMetaDataPopulator" />
        <ref bean="rememberMeAuthenticationMetaDataPopulator" />
    </util:list>

    <context:annotation-config/>

    <bean id="authenticationPolicy"
          class="org.jasig.cas.authentication.AnyAuthenticationPolicy"
          c:requiredHandlerName="ldapAuthenticationHandler"
          p:tryAll="true" />

    <bean id="ldapPrincipalResolver"
          class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver">
        <!-- Details elided for simplicity -->
    </bean>

    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"
          p:authenticationPolicy-ref="authenticationPolicy">
        <constructor-arg>
            <map>
                <entry key-ref="ldapAuthenticationHandler" value-ref="ldapPrincipalResolver"/>
            </map>
        </constructor-arg>
        <property name="authenticationMetaDataPopulators">
            <list>
                <bean class="org.jasig.cas.authentication.SuccessfulHandlerMetaDataPopulator" />
            </list>
        </property>
    </bean>


    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="sAMAccountName"
          c:authenticator-ref="authenticator">
      <property name="principalAttributeMap">
          <map>
              <entry key="displayName" value="displayName" />
              <!-- <entry key="mail" value="mail" /> -->
              <entry key="memberOf" value="memberOf" />
          </map>
      </property>
    </bean>
    
    <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
          c:resolver-ref="dnResolver"
          p:entryResolver-ref="entryResolver"
          c:handler-ref="authHandler">
      <property name="authenticationResponseHandlers">
          <list>
              <bean class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler" />
          </list>
      </property>
    </bean>
    
    <bean id="dnResolver"
          class="org.ldaptive.auth.FormatDnResolver"
          c:format="${ldap.authn.format}" />
    
    <bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
          p:connectionFactory-ref="pooledLdapConnectionFactory" />
    
    <bean id="pooledLdapConnectionFactory"
          class="org.ldaptive.pool.PooledConnectionFactory"
          p:connectionPool-ref="connectionPool" />
    
    <bean id="connectionPool"
          class="org.ldaptive.pool.BlockingConnectionPool"
          init-method="initialize"
          p:poolConfig-ref="ldapPoolConfig"
          p:blockWaitTime="${cas.ldap.pool.blockWaitTime}"
          p:validator-ref="searchValidator"
          p:pruneStrategy-ref="pruneStrategy"
          p:connectionFactory-ref="connectionFactory"
          p:failFastInitialize="false" />
    
    <bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
          p:minPoolSize="${cas.ldap.pool.minSize}"
          p:maxPoolSize="${cas.ldap.pool.maxSize}"
          p:validateOnCheckOut="${cas.ldap.pool.validateOnCheckout}"
          p:validatePeriodically="${cas.ldap.pool.validatePeriodically}"
          p:validatePeriod="${cas.ldap.pool.validatePeriod}" />
    
    <bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
          p:connectionConfig-ref="connectionConfig" />
    
    <bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
          p:ldapUrl="${cas.ldap.url}"
          p:connectTimeout="${cas.ldap.connectTimeout}"
          p:useStartTLS="${cas.ldap.useStartTLS}"
          p:connectionInitializer-ref="bindConnectionInitializer" />

    <bean id="bindConnectionInitializer"
          class="org.ldaptive.BindConnectionInitializer"
          p:bindDn="${ldap.authn.managerDN}">
        <property name="bindCredential">
            <bean class="org.ldaptive.Credential"
                  c:password="${ldap.authn.managerPassword}" />
        </property>
    </bean>
    
    <bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
          p:prunePeriod="${cas.ldap.pool.prunePeriod}"
          p:idleTime="${cas.ldap.pool.idleTime}" />
    
    <bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />

    <bean id="entryResolver"
          class="org.ldaptive.auth.SearchEntryResolver"
          p:baseDn="${ldap.authn.baseDn}"
          p:userFilter="userPrincipalName={dn}"
          p:subtreeSearch="true" />
    <!--
         also tried with
          p:userFilter="userPrincipalName={dn}" or user
          p:userFilter="sAMAccountName={user}"
          p:userFilter="userPrincipalName={dn}"
          p:userFilter="sAMAccountName=%u"
    -->


    <bean id="searchControls" class="javax.naming.directory.SearchControls"
          p:searchScope="2" />
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao"
          p:connectionFactory-ref="pooledLdapConnectionFactory"
          p:baseDN="${ldap.baseDn}"
          p:searchControls-ref="searchControls"
          p:searchFilter="userPrincipalName={dn}">
        <property name="resultAttributeMapping">
            <map>
                <entry key="member" value="member" />
                <entry key="displayName" value="displayName" />
            </map>
        </property>
    </bean>
    <alias name="serviceThemeResolver" alias="themeResolver" />
    <alias name="defaultTicketRegistry" alias="ticketRegistry" />

    <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" />
    <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" />

    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
    <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />

    <bean id="serviceRegistryDao" class="org.jasig.cas.services.JsonServiceRegistryDao"
          c:configDirectory="${service.registry.config.location:classpath:services}" />

    <bean id="auditTrailManager" class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

    <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />

    <alias name="neverThrottle" alias="authenticationThrottle" />

    <util:list id="monitorsList">
        <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
        <bean class="org.jasig.cas.monitor.SessionMonitor"
              p:ticketRegistry-ref="ticketRegistry"
              p:serviceTicketCountWarnThreshold="5000"
              p:sessionCountWarnThreshold="100000" />
    </util:list>

    <alias name="defaultPrincipalFactory" alias="principalFactory" />
    <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" />
    <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" />
</beans>

Attachment: cas.properties
Description: Binary data
