OK, that’s all correct. Then, the only other possibility is, the ldap authentication does not return that attribute for you. The LDAP entry that is retrieved has an empty collection of attributes.
Does your configuration have the following?

    <context:component-scan base-package="org.jasig.cas" />
    <context:annotation-config />

These should configure the handler to retrieve the principal attributes. If you do have this, the other explanation is that LDAP is not returning attributes for your user.

From: Nicolás [mailto:nico...@devels.es]
Sent: Saturday, September 19, 2015 10:08 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] LDAP authentication succeeded but CAS says it's not

Could you explain a bit further what that means in practice? I have the ldapAuthenticationHandler defined this way (exactly as shown in the documentation):

    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="uid"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
            <map>
                <entry key="uid" value="uid" />
                <entry key="member" value="member" />
                <entry key="mail" value="mail" />
                <entry key="displayName" value="displayName" />
            </map>
        </property>
    </bean>

Is there something else missing so the handler can retrieve the uid attribute?

Thanks.

On 19/09/15 at 17:58, Misagh Moayyed wrote:

You need to make sure the authentication handler is retrieving that attribute for you. Just because it’s in LDAP it doesn’t mean CAS will get it for you automatically.

From: Nicolás [mailto:nico...@devels.es]
Sent: Saturday, September 19, 2015 8:35 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] LDAP authentication succeeded but CAS says it's not

There it goes:

2015-09-19 16:28:42,603 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for myuser+password>
2015-09-19 16:28:42,604 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for myuser with uid=%s,cn=...,dc=...,dc=...>
2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=uid=myuser,cn=...,dc=...,dc=...
with request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]>
2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate criteria=[org.ldaptive.auth.AuthenticationCriteria@45829884::dn=uid=myuser,cn=...,dc=...,dc=..., authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]]>
2015-09-19 16:28:42,607 DEBUG [org.ldaptive.BindOperation] - <execute request=[org.ldaptive.BindRequest@1463714762::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7, controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null,
hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c]>
2015-09-19 16:28:42,616 DEBUG [org.ldaptive.BindOperation] - <execute response=[org.ldaptive.Response@1228828549::result=null, resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for request=[org.ldaptive.BindRequest@1463714762::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7, controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c
]>
2015-09-19 16:28:42,618 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@571189844::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7, controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c], result=true, resultCode=SUCCESS, message=null, controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@45829884::dn=uid=myuser,cn=...,dc=...,dc=..., authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]]>
2015-09-19 16:28:42,619 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
2015-09-19 16:28:42,625 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@571189844::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7, controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c], result=true, resultCode=SUCCESS, message=null, controls=null] for dn=uid=myuser,cn=...,dc=...,dc=...
with request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]>
2015-09-19 16:28:42,626 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@735806018::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=myuser,cn=...,dc=...,dc=...[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>
2015-09-19 16:28:42,627 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating myuser+password>
2015-09-19 16:28:42,627 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for myuser>
2015-09-19 16:28:42,628 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [UsernamePasswordCredential] for audit>
2015-09-19 16:28:42,637 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: supplied credentials: [myuser+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sat Sep 19 16:28:42 WEST 2015
CLIENT IP ADDRESS: 192.168.1.111
SERVER IP ADDRESS: 192.168.1.40
=============================================================
>
2015-09-19 16:28:42,639 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [UsernamePasswordCredential] for audit>
2015-09-19 16:28:42,640 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: 1 errors, 0 successes
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Sat Sep 19 16:28:42 WEST 2015
CLIENT IP ADDRESS: 192.168.1.111
SERVER IP ADDRESS: 192.168.1.40
=============================================================

I noticed that now there's a line saying this:

2015-09-19 16:28:42,627 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for myuser>

However, this attribute is indeed present in the LDAP directory for that user and it's accessible by everyone:

uid: myuser

Thanks.

On 19/09/15 at 15:38, Misagh Moayyed wrote:

Change org.jasig.cas to DEBUG and report back please.

From: Nicolás [mailto:nico...@devels.es]
Sent: Saturday, September 19, 2015 6:30 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] LDAP authentication succeeded but CAS says it's not

Hi,

I'm having some issue configuring LDAP authentication on CAS 4.1.0. I must say I had this configuration working on 4.0.4 but for some reason, even when successfully authenticating vs. LDAP, CAS says the credentials are not right. This is what I did:

1) deployerConfigContext.xml: Inside the authenticationManager bean, this is the map defined:

    <constructor-arg>
        <map>
            <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
            <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
        </map>
    </constructor-arg>

2) deployerConfigContext.xml: Copied and pasted the LDAP support direct bind (http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html#ldap-supporting-direct-bind) config, except that I removed the p:sslConfig-ref="sslConfig" part and the corresponding sslConfig bean, because I'm not using SSL over LDAP.

3) pom.xml: Added the corresponding dependency:

    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>

4) cas.properties: I customized any needed properties, as I had it in my 4.0.4 working configuration.

Now, I access /cas and authenticate, and CAS says the credentials are not right.
I had a look at the authentication log and I found the binding to be successful as far as LDAP goes, as you can see here:

Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND anonymous mech=implicit ssf=0
Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND dn="uid=myuser,cn=...,dc=...,dc=..." method=128
Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND dn="uid=myuser,cn=...,dc=...,dc=..." mech=SIMPLE ssf=0
Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 RESULT tag=97 err=0 text=

I decided to activate the debugging as mentioned in the Troubleshooting page of the LDAP configuration, and I see the following:

2015-09-19 14:07:15,636 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for myuser with uid=%s,cn=...,dc=...,dc=...>
2015-09-19 14:07:15,637 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=uid=myuser,cn=...,dc=...,dc=... with request=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, retAttrs=[1.1]]>
2015-09-19 14:07:15,637 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate criteria=[org.ldaptive.auth.AuthenticationCriteria@1404709825::dn=uid=myuser,cn=...,dc=...,dc=..., authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, retAttrs=[1.1]]]>
2015-09-19 14:07:15,639 DEBUG [org.ldaptive.BindOperation] - <execute request=[org.ldaptive.BindRequest@1670297304::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2, controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0]>
2015-09-19 14:07:15,643 DEBUG [org.ldaptive.BindOperation] - <execute response=[org.ldaptive.Response@1182007988::result=null, resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for request=[org.ldaptive.BindRequest@1670297304::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost, count=1],
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2, controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0]>
2015-09-19 14:07:15,645 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@1784519566::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={},
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2, controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0], result=true, resultCode=SUCCESS, message=null, controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@1404709825::dn=uid=myuser,cn=...,dc=...,dc=..., authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, retAttrs=[1.1]]]>
2015-09-19 14:07:15,660 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
2015-09-19 14:07:15,662 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@1784519566::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2, controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0], result=true, resultCode=SUCCESS, message=null, controls=null] for dn=uid=myuser,cn=...,dc=...,dc=... with request=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, retAttrs=[1.1]]>
2015-09-19 14:07:15,664 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating myuser+password>
2015-09-19 14:07:15,665 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: supplied credentials: [myuser+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sat Sep 19 14:07:15 WEST 2015
CLIENT IP ADDRESS: 192.168.1.X
SERVER IP ADDRESS: 192.168.1.X
=============================================================
>
2015-09-19 14:07:15,667 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: 1 errors, 0 successes
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Sat Sep 19 14:07:15 WEST 2015
CLIENT IP ADDRESS: 192.168.1.X
SERVER IP ADDRESS: 192.168.1.X
=============================================================

So if CAS says that the authentication succeeded at first, why LdapAuthenticationHandler fails? Any hint will be very appreciated since I'm a bit lost right now.

Thanks,

Nicolás

--
You are currently subscribed to cas-user@lists.jasig.org as: mmoay...@unicon.net
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
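
The pattern in the debug output quoted in this thread (bind succeeds, the LDAP entry comes back as `[]`, the handler then reports "uid attribute not found") can be triaged mechanically. The script below is an added example, not code from the thread or from CAS: the function and class names are hypothetical and the sample log is constructed by abbreviating the quoted entries. It relies on one LDAP fact: in RFC 4511 an attribute selection list containing only `1.1` asks the server to return no attributes, which separates "the client never asked" from "the directory did not answer", the two explanations given in the replies.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: entries abbreviated from the debug output quoted in the thread.
SAMPLE_LOG = """\
2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=uid=myuser,cn=...,dc=...,dc=... with request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]>
2015-09-19 16:28:42,619 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
2015-09-19 16:28:42,626 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@735806018::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=myuser,cn=...,dc=...,dc=...[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>
2015-09-19 16:28:42,627 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating myuser+password>
2015-09-19 16:28:42,627 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for myuser>
"""

NO_ATTRS = "1.1"  # RFC 4511: a selection list of only "1.1" requests no attributes

RE_REQUEST = re.compile(r"user=(?P<user>[^,\]]+), retAttrs=\[(?P<attrs>[^\]]*)\]")
RE_BIND_OK = re.compile(r"<Authentication succeeded for dn: .+>\s*$")
RE_ENTRY = re.compile(r"ldapEntry=\[dn=.*?\[(?P<attrs>.*?)\]\], accountState=")
RE_MISSING = re.compile(
    r"exception details: (?P<attr>\S+) attribute not found for (?P<user>[^>]+)>")


class Finding(NamedTuple):
    user: str
    missing_attr: str
    bind_succeeded: bool
    requested: Optional[List[str]]   # None when no request line was logged
    entry_attrs: Optional[str]       # "" means the entry came back empty
    cause: str


def classify(bind_ok, requested, attr):
    """Map the logged facts onto the two explanations given in the thread."""
    if not bind_ok:
        return "no-successful-bind-logged"
    if requested is None:
        return "request-not-logged"
    if requested == [NO_ATTRS]:
        return "client-requested-no-attributes"      # handler/authenticator config
    if requested and attr not in requested and "*" not in requested:
        return "attribute-not-requested"
    return "directory-did-not-return-attribute"      # ACLs or missing value


def diagnose(log_text):
    """Return one Finding per 'attribute not found' rejection in a CAS debug log."""
    findings, requested, bind_ok, entry_attrs = [], {}, False, None
    for line in log_text.splitlines():
        m = RE_REQUEST.search(line)
        if m:
            requested[m["user"]] = [a.strip() for a in m["attrs"].split(",") if a.strip()]
        if RE_BIND_OK.search(line):
            bind_ok = True
        m = RE_ENTRY.search(line)
        if m:
            entry_attrs = m["attrs"]
        m = RE_MISSING.search(line)
        if m:
            req = requested.pop(m["user"], None)
            findings.append(Finding(m["user"], m["attr"], bind_ok, req, entry_attrs,
                                    classify(bind_ok, req, m["attr"])))
            bind_ok, entry_attrs = False, None       # reset for the next attempt
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```
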