Jérémie, I did some testing and the ldaptive loggers are not nearly as useful as I thought they would be. This logger at debug or trace may provide a little more detail:
<AsyncLogger name="org.apereo.cas.authentication.DefaultAuthenticationManager" level="debug" /> It shows the error message in your email: 2023-06-16 09:12:59,430 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[Static Credentials] exception details: [cas not found in backing map.].> Not sure what 'cas not found in backing map' means though. Check your AD logs to see what AD is doing during the search. Ray On Fri, 2023-06-16 at 02:14 -0700, Jérémie wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi, Thank for the logger, I've added it at the end of log4j2 file and set level todebug Here is my error log now (debug logs doesn't seem to give much more information) : 2023-06-16 09:12:06,090 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.> 2023-06-16 09:12:22,891 WARN [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught exception for org.ldaptive.transport.netty.NettyConnection@472298790::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=2023-06-16T09:09:32.569972500Z, connectionConfig=[org.ldaptive.ConnectionConfig@1751226570::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1885893078::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@26a2d23f, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=null, connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1122089449::ldapURLSet=[org.ldaptive.LdapURLSet@1745317225::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]], inactive=[]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@6bd15511, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0x560c13d8, L:/127.0.0.1:64781 - R:localhost/127.0.0.1:389]> 2023-06-16 09:12:22,891 WARN [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught exception for org.ldaptive.transport.netty.NettyConnection@1727297356::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=2023-06-16T09:09:32.523206700Z, connectionConfig=[org.ldaptive.ConnectionConfig@535779327::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@49261306::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@4a6e0d4c, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=null, connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@266689882::ldapURLSet=[org.ldaptive.LdapURLSet@1792062454::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]], inactive=[]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@15176c2c, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0xb8d2a988, L:/127.0.0.1:64767 - R:localhost/127.0.0.1:389]> 2023-06-16 09:12:22,923 WARN [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught exception for org.ldaptive.transport.netty.NettyConnection@1366010559::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=2023-06-16T09:09:32.616917100Z, connectionConfig=[org.ldaptive.ConnectionConfig@1751226570::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1885893078::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@26a2d23f, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=null, connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1122089449::ldapURLSet=[org.ldaptive.LdapURLSet@1745317225::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]], inactive=[]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@6bd15511, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0x7884a7fa, L:/127.0.0.1:64785 - R:localhost/127.0.0.1:389]> 2023-06-16 09:12:52,772 WARN [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught exception for org.ldaptive.transport.netty.NettyConnection@111626592::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=2023-06-16T09:09:32.523206700Z, connectionConfig=[org.ldaptive.ConnectionConfig@535779327::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@49261306::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@4a6e0d4c, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=null, connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@266689882::ldapURLSet=[org.ldaptive.LdapURLSet@1792062454::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]], inactive=[]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@15176c2c, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0xea7463b7, L:/127.0.0.1:64769 - R:localhost/127.0.0.1:389]> 2023-06-16 09:12:52,772 WARN [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught exception for org.ldaptive.transport.netty.NettyConnection@1062011479::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=2023-06-16T09:09:32.616917100Z, connectionConfig=[org.ldaptive.ConnectionConfig@1751226570::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1885893078::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@26a2d23f, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=null, connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1122089449::ldapURLSet=[org.ldaptive.LdapURLSet@1745317225::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]], inactive=[]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@6bd15511, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0x6ff26ac2, L:/127.0.0.1:64784 - R:localhost/127.0.0.1:389]> 2023-06-16 09:12:52,772 WARN [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught exception for org.ldaptive.transport.netty.NettyConnection@2121328957::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=2023-06-16T09:09:32.538735700Z, connectionConfig=[org.ldaptive.ConnectionConfig@535779327::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@49261306::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@4a6e0d4c, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=null, connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@266689882::ldapURLSet=[org.ldaptive.LdapURLSet@1792062454::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]], inactive=[]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@15176c2c, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0x6c7668c8, L:/127.0.0.1:64771 - R:localhost/127.0.0.1:389]> 2023-06-16 09:12:59,415 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [].> 2023-06-16 09:12:59,430 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[Static Credentials] exception details: [cas not found in backing map.].> 2023-06-16 09:12:59,446 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: cas WHAT: [UsernamePasswordCredential(username=cas, source=null, customFields={})] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Fri Jun 16 09:12:59 UTC 2023 I can find the user using JXplorer and bind connection (also with this user) : [ApplicationFrameHost_s6tzxsAyNK.png] Le jeudi 15 juin 2023 à 18:45:09 UTC+2, Ray Bon a écrit : Jérémie, Here are some loggers for cas ldap: <AsyncLogger name="org.ldaptive" level="${sys:ldap.log.level}" includeLocation="true" /> <!-- INFO Authentication failed for dn: ... DEBUG prints failed log in error reason (among other ldap connection details) --> <AsyncLogger name="org.ldaptive.auth" level="debug" additivity="false" /> Make sure you can authenticate / find the user from another application (I do not know what tools are available for AD). Check your AD logs to see what it thinks the problem is. Ray On Thu, 2023-06-15 at 05:19 -0700, Jérémie wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. I've setup a CAS 6.6.8 and an Active Directory on the same server for test purpose. I can't authenticate to my AD using an account. It seems that CAS cannot find the user inside the AD. Here my cas.properties file (AD section) : ``` # Active Directory cas.authn.ldap[0].type=AD cas.authn.ldap[0].ldapUrl=ldap://localhost:389 cas.authn.ldap[0].useStartTls=false cas.authn.ldap[0].baseDn=DC=AAA,DC=BBB cas.authn.ldap[0].search-filter=(sAMAccountName={user}) cas.authn.ldap[0].subtreeSearch=true cas.authn.ldap[0].dn-format=cn=%s,DC=AAA,DC=BBB ``` I'm using a test user for this with the following DN : CN=cas,CN=Users,DC=AAA,DC=BBB I don't understand what I'm missing here Thank you for any help -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/88aaaf4777075e454d954d4a04a69ff5f04dc6a5.camel%40uvic.ca.