In the openldap configuration (file or config schema)... You can also look at your ldap logs (at log level 256) and if you see a successful bind followed by an unsuccessful search, I think that the issue is here. If not, I don't know...

On 18/07/2014 11:25, Anitha Thota wrote:
> Where to check this entry attribute.
>
> In the back end it's giving Unable to validate proxy ticket validator issue.
>
> -----Original Message-----
> From: Vincent Repain [mailto:vincent.rep...@insa-rennes.fr]
> Sent: Friday, July 18, 2014 2:48 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] CAS 4 and LDAP
>
> Hi,
> FWIW: I had a similar problem and the issue was openldap side (I suppose
> that you are using openldap), where the bind was OK but the search of the
> entry that followed returned no value.
> Could you verify that self has read permission on "entry" attribute in your
> tree (ou=personnel,ou=people,dc=unice,dc=fr)?
>
> On 17/07/2014 14:06, daniel.char...@unice.fr wrote:
>> Hi,
>>
>> I have a problem with cas 4 and the connector LDAP.
>> I think that I can pass the ldap authentication but the
>> PolicyAuthentication Manager doesn't let me pass.
>> I have seen a post here
>> (https://groups.google.com/forum/#!msg/jasig-cas-dev/3CyO92Vk8XA/V2RrUs3m4e8J)
>> which says that to resolve my problem I have to edit
>> ldapAuthenticationHandler and change by this code:
>> if (response.getResult()) {
>> return doPostAuthentication(response); }
>>
>> But the code has changed even if my problem is exactly the same.
>>
>> here is my log:
>>
>> *----------------------------------------*
>> *----------------------------------------*
>> 014-07-17 13:48:40,402 INFO [org.ldaptive.auth.Authenticator] -
>> Authentication succeeded for dn:
>> uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr
>> 2014-07-17 13:48:40,403 DEBUG [org.ldaptive.auth.Authenticator] -
>> authenticate
>> response=[org.ldaptive.auth.AuthenticationHandlerResponse@1361780777::
>> connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@42
>> 6627437::config=[org.ldaptive.ConnectionConfig@46831809::ldapUrl=ldap:
>> //myldapserveur:389/, connectTimeout=3000, responseTimeout=-1,
>> sslConfig=null, useSSL=false, useStartTLS=false,
>> connectionInitializer=null],
>> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFa
>> ctory@887911370::connectionCount=1,
>> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFact
>> ory, com.sun.jndi.ldap.connect.timeout=3000,
>> java.naming.ldap.version=3},
>> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@84493845
>> 8::operationExceptionResultCodes=[PROTOCOL_ERROR,
>> SERVER_DOWN], properties={}, connectionStrategy=DEFAULT,
>> environment=null, tracePackets=null, removeDnUrls=true,
>> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
>> PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
>> controlProcessor=org.ldaptive.provider.ControlProcessor@6672a60a]],
>> providerConnection=org.ldaptive.provider.jndi.JndiConnection@fa5edeb],
>> result=true, resultCode=SUCCESS, message=null, controls=null] for
>> dn=uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr with
>> request=[org.ldaptive.auth.AuthenticationRequest@1438545291::user=myus
>> er,
>> retAttrs=[]]
>> 2014-07-17 13:48:40,403 DEBUG
>> [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP
>> response:
>> [org.ldaptive.auth.AuthenticationResponse@306513608::authenticationRes
>> ultCode=AUTHENTICATION_HANDLER_SUCCESS,
>> ldapEntry=[dn=uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr[]],
>> accountState=null, result=true, resultCode=SUCCESS, message=null,
>> controls=null]
>> 2014-07-17 13:48:40,404 INFO
>> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>> LdapAuthenticationHandler failed authenticating myuser+password
>> 2014-07-17 13:48:40,412 INFO
>> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
>> Audit trail record BEGIN
>> =============================================================
>> WHO: audit:unknown
>> WHAT: supplied credentials: [myuser+password]
>> ACTION: AUTHENTICATION_FAILED
>> APPLICATION: CAS
>> WHEN: Thu Jul 17 13:48:40 CEST 2014
>> CLIENT IP ADDRESS: xxxx
>> SERVER IP ADDRESS: xxx.unice.fr <http://xxx.unice.fr>
>> =============================================================
>>
>> 2014-07-17 13:48:40,413 INFO
>> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
>> Audit trail record BEGIN
>> =============================================================
>> WHO: audit:unknown
>> WHAT: 1 errors, 0 successes
>> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
>> APPLICATION: CAS
>> WHEN: Thu Jul 17 13:48:40 CEST 2014
>> CLIENT IP ADDRESS: xxx
>> SERVER IP ADDRESS: xxx.unice.fr <http://xxx.unice.fr>
>> *----------------------------------------*
>> *----------------------------------------*
>>
>> and my deployerConfigContext. (attach file)
>>
>> Someone got an idea?
>> Thanks a lot for your responses.
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as:
>> vincent.rep...@insa-rennes.fr To unsubscribe, change settings or
>> access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>> -----------------------------------------------------------------
>> Daniel CHARLOT
>> D.S.I.
>> Université de Nice Sophia-Antipolis
>> Systems and Network Administrator
>> 28, avenue de Valrose - BP 2135 - 06103 NICE
>> Tel: 04-92-07-67-07
>
> --
> Vincent Repain
> INSA de Rennes
> Centre de ressources informatiques
> 02.23.23.83.31

--
Vincent Repain
INSA de Rennes
Centre de ressources informatiques
02.23.23.83.31
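
Added example, not part of the original thread and not CAS or OpenLDAP project code: a Python check for the pattern the reply describes, a successful bind followed on the same connection by a search that fails or returns no entry. The log lines are constructed and assume slapd's usual stats-level (256) line layout; the host name, PID and connection ids are made up.

```python
import re

# Constructed slapd "stats" (loglevel 256) lines, not taken from the thread.
# The DN is the one from the thread; host, PID and conn ids are made up.
DN = "uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr"
SAMPLE_LOG = f"""\
Jul 17 13:48:40 ldap1 slapd[812]: conn=1001 op=0 BIND dn="{DN}" method=128
Jul 17 13:48:40 ldap1 slapd[812]: conn=1001 op=0 BIND dn="{DN}" mech=SIMPLE ssf=0
Jul 17 13:48:40 ldap1 slapd[812]: conn=1001 op=0 RESULT tag=97 err=0 text=
Jul 17 13:48:40 ldap1 slapd[812]: conn=1001 op=1 SRCH base="{DN}" scope=0 deref=3 filter="(objectClass=*)"
Jul 17 13:48:40 ldap1 slapd[812]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 17 13:49:02 ldap1 slapd[812]: conn=1002 op=0 BIND dn="{DN}" method=128
Jul 17 13:49:02 ldap1 slapd[812]: conn=1002 op=0 RESULT tag=97 err=0 text=
Jul 17 13:49:02 ldap1 slapd[812]: conn=1002 op=1 SRCH base="{DN}" scope=0 deref=3 filter="(objectClass=*)"
Jul 17 13:49:02 ldap1 slapd[812]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 17 13:49:30 ldap1 slapd[812]: conn=1003 op=0 BIND dn="{DN}" method=128
Jul 17 13:49:30 ldap1 slapd[812]: conn=1003 op=0 RESULT tag=97 err=49 text=
"""

LINE = re.compile(r"conn=(\d+) op=(\d+) (.*)")
BIND = re.compile(r'BIND dn="([^"]*)" method=')
BIND_RESULT = re.compile(r"RESULT tag=97 err=(\d+)")
SRCH = re.compile(r'SRCH base="([^"]*)"')
SRCH_RESULT = re.compile(r"SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)")

def bind_ok_but_search_empty(log_text):
    """Return (conn, bound_dn, search_base, err) for every search that failed
    or returned no entry on a connection whose bind had succeeded."""
    conns, findings = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        c = conns.setdefault(conn, {"dn": "", "bound": False, "base": {}})
        if b := BIND.match(rest):
            c["dn"], c["bound"] = b[1], False   # bind requested, not yet confirmed
        elif r := BIND_RESULT.match(rest):
            c["bound"] = r[1] == "0" and c["dn"] != ""   # ignore anonymous binds
        elif s := SRCH.match(rest):
            c["base"][op] = s[1]                # remember the base per operation id
        elif r := SRCH_RESULT.match(rest):
            err, nentries = int(r[1]), int(r[2])
            if c["bound"] and (err != 0 or nentries == 0):
                findings.append((conn, c["dn"], c["base"].get(op, "?"), err))
    return findings

if __name__ == "__main__":
    for conn, dn, base, err in bind_ok_but_search_empty(SAMPLE_LOG):
        print(f"conn={conn}: bind OK as {dn}, search of {base} returned nothing (err={err})")
```

A hit where the bound DN and the search base are the same entry is the case to compare against the ACLs on that subtree.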