Any further suggestions on what might be causing the system to fail to
authenticate users?

Bind with manager password works. Certificates validate. sAMAccountName is
set as the search filter.

Any suggestions would be appreciated.


On Wed, Jun 24, 2015 at 8:26 AM, Mike Seiler <michaelsei...@fuller.edu>
wrote:

> Daniel,
>
> Thanks for your response.  I redeployed so that my log files would be
> fresh.  I've attached the localhost log, the cas.log, and the catalina.out
> file to this email.
>
> Catalina.out has an enormous amount of DEBUG info; I hope it doesn't get
> in the way.  I also deleted things before the system started loading secure
> certificates and connecting to the AD server (if you need the entire log,
> let me know and I'll resend).  The cas and localhost logs don't seem to
> contain much at all.
>
> If it helps shed some light, I built my system using this Git Repo:
> https://github.com/UniconLabs/simple-cas4-overlay-template
>
> And then added in the AD layer using this documentation:
>
> http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html#active_directory_authentication
>
> Thanks,
>
> Mike
>
> On Wed, Jun 24, 2015 at 6:39 AM, Daniel Fisher <dfis...@vt.edu> wrote:
>
>> On Tue, Jun 23, 2015 at 6:33 PM, Mike Seiler <michaelsei...@fuller.edu>
>> wrote:
>>
>>> Daniel,
>>>
>>> Thanks.  I turned on the debug for Ldaptive, and got multiple lines of
>>> DEBUG, but none seems to indicate a full error that I can see.
>>>
>>> If I manually set useSSL to true (in deployerConfigContext), the
>>> application initializes fine and cas.log still shows "authentication
>>> failed" but there are no other errors to indicate that something is wrong
>>> either in catalina.out or cas.log.
>>>
>>
>> Sounds like your properties aren't being applied to the
>> deployerConfigContext.xml.
>>
>>
>>
>>> The lines containing the useSSL and useStartTLS:
>>> -----------------------------------------------
>>> 2015-06-23 15:12:46,814 DEBUG [org.ldaptive.pool.BlockingConnectionPool]
>>> - <initialized available queue: 
>>> [org.ldaptive.pool.Queue@458045035::queueType=LIFO,
>>> queue=[org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@6a3096d4,
>>> org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@630eaf38,
>>> org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@2021f8cc
>>> ]]>
>>> 2015-06-23 15:12:46,820 DEBUG [org.ldaptive.pool.BlockingConnectionPool]
>>> - <prune pool task scheduled for
>>> [org.ldaptive.pool.BlockingConnectionPool@1188516673::name=null,
>>> poolConfig=[org.ldaptive.pool.PoolConfig@1654322364::minPoolSize=3,
>>> maxPoolSize=10, validateOnCheckIn=false, validateOnCheckOut=false,
>>> validatePeriodically=true, validatePeriod=300], activator=null,
>>> passivator=null, validator=[org.ldaptive.pool.SearchValidator@725194039
>>> ::searchRequest=[org.ldaptive.SearchRequest@88681342::*baseDn=,
>>> searchFilter=*[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*),
>>> parameters={}], returnAttributes=[1.1], searchScope=OBJECT, timeLimit=0,
>>> sizeLimit=1, derefAliases=null, typesOnly=false, binaryAttributes=null,
>>> sortBehavior=UNORDERED, searchEntryHandlers=null,
>>> searchReferenceHandlers=null, controls=null, followReferrals=false,
>>> intermediateResponseHandlers=null]]
>>> pruneStrategy=[org.ldaptive.pool.IdlePruneStrategy@397920599::prunePeriod=300,
>>> idleTime=600], connectOnCreate=true,
>>> connectionFactory=[org.ldaptive.DefaultConnectionFactory@587430635
>>> ::provider=org.ldaptive.provider.jndi.JndiProvider@397aec42,
>>> config=[org.ldaptive.ConnectionConfig@892141193::ldapUrl=ldap://
>>> id.fuller.edu:636, connectTimeout=3000, responseTimeout=-1,
>>> sslConfig=[org.ldaptive.ssl.SslConfig@486207397
>>> ::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1427787790::trustCertificates=file:/etc/cas/id_app.pem,
>>> authenticationCertificate=null, authenticationKey=null],
>>> trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
>>> handshakeCompletedListeners=null], *useSSL=true, useStartTLS=false*,
>>> connectionInitializer=null]], initialized=false, availableCount=3,
>>> activeCount=0]>
>>>
>>
>> Your connection pool initialized successfully. You're likely having DN
>> resolution issues, which may be further indication that your properties
>> aren't being applied. If you post an entire log from a single
>> authentication attempt I can probably point to the problem.
>>
>> --Daniel Fisher
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> michaelsei...@fuller.edu
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>
>
> --
> *Michael Seiler*
> --------------------------------------------------
> Systems Integration Engineer
> Fuller Theological Seminary
> Phone: (970) 306-6105
> michaelsei...@fuller.edu
>
> *Please NOTE:*
> I respond to email at 8 AM, 1PM, and at 4:30PM.  If you need more
> immediate help, please contact TSS (626.584.5675) and they can route the
> issue to the appropriate person.  If this is a business process life or
> death emergency, you may call me at the above number.
>



-- 
*Michael Seiler*
--------------------------------------------------
Systems Integration Engineer
Fuller Theological Seminary
Phone: (970) 306-6105
michaelsei...@fuller.edu

*Please NOTE:*
I respond to email at 8 AM, 1PM, and at 4:30PM.  If you need more immediate
help, please contact TSS (626.584.5675) and they can route the issue to the
appropriate person.  If this is a business process life or death emergency,
you may call me at the above number.
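
The quoted reply above suggests that the properties are not reaching deployerConfigContext.xml. One way to test that is to compare cas.properties with the values ldaptive reports in its DEBUG output. This is an added example, not part of the thread or of CAS. The property key names, the key-to-field mapping, the host name and both samples are assumptions constructed for illustration.

```python
import re

# Assumed mapping (verify against your overlay): cas.properties key ->
# field name in ldaptive's DEBUG dump of the pool and connection config.
PROPERTY_TO_LOG_FIELD = {
    "ldap.url": "ldapUrl", "ldap.useSSL": "useSSL",
    "ldap.useStartTLS": "useStartTLS", "ldap.connectTimeout": "connectTimeout",
    "ldap.trustedCert": "trustCertificates", "ldap.pool.minSize": "minPoolSize",
}

SAMPLE_PROPERTIES = """# constructed cas.properties excerpt
ldap.url=ldap://ldap.example.org:636
ldap.useSSL=false
ldap.useStartTLS=true
ldap.connectTimeout=3000
ldap.trustedCert=file:/etc/cas/ldap-ca.pem
ldap.pool.minSize=3
"""

# Constructed log excerpt, wrapped and *bolded* the way a mail client leaves it.
SAMPLE_LOG = """DEBUG [org.ldaptive.pool.BlockingConnectionPool] - <prune pool task
scheduled for [poolConfig=[org.ldaptive.pool.PoolConfig@2::minPoolSize=3, maxPoolSize=10],
config=[org.ldaptive.ConnectionConfig@3::ldapUrl=ldap://
ldap.example.org:636, connectTimeout=3000, sslConfig=[org.ldaptive.ssl.SslConfig@4
::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@5::trustCertificates=file:/etc/cas/ldap-ca.pem,
authenticationKey=null]], *useSSL=true, useStartTLS=false*, connectionInitializer=null]]>"""

def parse_properties(text):
    """Read key=value lines, skipping blanks and comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.partition("=") for l in lines if l and l[0] not in "#!")
    return {k.strip(): v.strip() for k, _, v in pairs}

def effective_fields(log_text):
    """Field values ldaptive logged; first occurrence of each name wins."""
    # Undo mail-client line wrapping and *bold* markers before matching.
    flat = re.sub(r"\s*\n\s*", "", log_text).replace("*", "")
    fields = {}
    for name, value in re.findall(r"(\w+)=([^,\[\]\s]*)", flat):
        fields.setdefault(name, value)
    return fields

def find_unapplied(props, fields):
    """(key, configured, effective) for each property the pool did not use."""
    return [(key, props[key], fields.get(field, "<not logged>"))
            for key, field in PROPERTY_TO_LOG_FIELD.items()
            if key in props and fields.get(field) != props[key]]

if __name__ == "__main__":
    print(find_unapplied(parse_properties(SAMPLE_PROPERTIES), effective_fields(SAMPLE_LOG)))
```

Any tuple it returns names a setting whose logged value differs from the properties file, which points at a hard-coded value in the XML or a placeholder that is not being resolved.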
