Hi Brady, Thanks for responding.
My goal, if possible is to ignore and not chase referrals if at all possible. The response I'm getting already gives me all I need about a user, unfortunately it is just returning the extra result that I want CAS to either not see or ignore. I just don't know how to specify this. I've tried setting the following in the contextSource bean but still getting the same result : <entry key="java.naming.referral" value="ignore" /> I've also tried adding the following as well but still getting the same error. <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate"> <constructor-arg ref="contextSource" /> <property name="ignorePartialResultException" value="true" /> </bean> Is there a filter of some sort I can use? Something different I can do when searching? Paul Chauvet Senior Linux Systems Administrator Chair, Information Security Oversight Committee Computer Services State University of New York at New Paltz Phone: (845) 257-3828 [email protected] ----- Original Message ----- Paul, Did you try adding p:referral="follow"? Another solution is to use the secure global catalog port (3269) instead of the standard ldaps port, but obviously you need to be sure your DC you are going against is also a GC server. Brady McClenon Senior Server Administrator Applications Research & Development Information Technology Services SUNY College at Oneonta 607-436-3203 “Quotes found on the internet are not always accurate.” - Abraham Lincoln From: Paul Chauvet [mailto:[email protected]] Sent: Monday, June 24, 2013 1:45 PM To: [email protected] Subject: [cas-user] Problem with Active Directory CAS auth ("Unprocessed continuation reference") Hi all, I'm having an issue changing how our CAS server authenticates against our Active Directory environment. Previously we were just using using a search base in active directory which contains our current faculty/staff/students (ou=activeusers,dc=ourserver,dc=newpaltz,dc=edu). Now we also need to get people from an 'inactive' area mostly for alumni (ou=inactiveusers,dc=ourserver,dc=newpaltz,dc=edu). I've changed over instead to searching higher up in the tree to get both (using dc=ourserver,dc=newpaltz,dc=edu) for results and have an error with CAS: <blockquote> Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=active,dc=newpaltz,dc=edu' This is happening because (even with the command line utility ldapsearch) an extra result is returned. The first is the user object, the second is what appears to be a referral: <blockquote> ref: ldaps://DomainDnsZones.ourserver.newpaltz.edu/DC=DomainDnsZones,DC=ourserver,DC=newpaltz,DC=edu </blockquote> I'm not sure what to do to handle this. I tried adding p:ignorePartialResultException="true" to the org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler bean (after seeing similar topics previously on the list) but it isn't working. Not sure if there is something I'm missing, or I put this in the wrong bean. Any insight that you may have would be much appreciated! Paul Chauvet Senior Linux Systems Administrator State University of New York at New Paltz [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user </blockquote> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
