On 19/09/15 at 18:55, Misagh Moayyed wrote:
>
> OK, that’s all correct. Then, the only other possibility is, the ldap
> authentication does not return that attribute for you. The LDAP entry
> that is retrieved has an empty collection of attributes.
>

If I run the command on the command shell, the uid attribute is returned correctly. This is even more odd since the same configuration was working on my CAS 4.0.4 instance, so I doubt it has anything to do with the LDAP entry.

# ldapsearch -x -D 'uid=myuser,cn=...,dc=...,dc=...' -b cn=...,dc=...,dc=... -W uid=myuser uid
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=...,dc=...,dc=...> with scope subtree
# filter: uid=myuser
# requesting: uid
#

# myuser, ..., ... . ...
dn: uid=myuser,cn=...,dc=...,dc=...
uid: myuser

# search result
search: 2
result: 0 Success

> Does your configuration have the following?
>
> <context:component-scan base-package="org.jasig.cas" />
>
> <context:annotation-config />
>

Yes, I have that defined in the cas-servlet.xml file.

> These should configure the handler to retrieve the principal
> attributes. If you do have this, the other explanation is that LDAP is
> not returning attributes for your user.
>

It is; additionally, I have this rule in the LDAP configuration, so I think it should be returning all attributes for that user:

olcAccess: {0}to * by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by self write by * read

> *From:* Nicolás [mailto:nico...@devels.es]
> *Sent:* Saturday, September 19, 2015 10:08 AM
> *To:* cas-user@lists.jasig.org
> *Subject:* Re: [cas-user] LDAP authentication succeeded but CAS says it's not
>
> Could you explain a bit further what does that mean in practice? I
> have the ldapAuthenticationHandler defined this way (exactly as shown
> in the documentation):
>
> <bean id="ldapAuthenticationHandler"
>       class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>       p:principalIdAttribute="uid"
>       c:authenticator-ref="authenticator">
>     <property name="principalAttributeMap">
>         <map>
>             <entry key="uid" value="uid" />
>             <entry key="member" value="member" />
>             <entry key="mail" value="mail" />
>             <entry key="displayName" value="displayName" />
>         </map>
>     </property>
> </bean>
>
> Is there something else missing so the handler can retrieve the uid
> attribute?
>
> Thanks.
>
> On 19/09/15 at 17:58, Misagh Moayyed wrote:
>
> You need to make sure the authentication handler is retrieving
> that attribute for you. Just because it’s in LDAP it doesn’t mean
> CAS will get it for you automatically.
>
> *From:* Nicolás [mailto:nico...@devels.es]
> *Sent:* Saturday, September 19, 2015 8:35 AM
> *To:* cas-user@lists.jasig.org
> *Subject:* Re: [cas-user] LDAP authentication succeeded but CAS says it's not
>
> There it goes:
>
> 2015-09-19 16:28:42,603 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for myuser+password>
> 2015-09-19 16:28:42,604 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for myuser with uid=%s,cn=...,dc=...,dc=...>
> 2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=uid=myuser,cn=...,dc=...,dc=...
> with request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]>
> 2015-09-19 16:28:42,619 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
> 2015-09-19 16:28:42,626 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@735806018::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=myuser,cn=...,dc=...,dc=...[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>
> 2015-09-19 16:28:42,627 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating myuser+password>
> 2015-09-19 16:28:42,627 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for myuser>
> 2015-09-19 16:28:42,628 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [UsernamePasswordCredential] for audit>
> 2015-09-19 16:28:42,637 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: myuser+password
> WHAT: supplied credentials: [myuser+password]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Sat Sep 19 16:28:42 WEST 2015
> CLIENT IP ADDRESS: 192.168.1.111
> SERVER IP ADDRESS: 192.168.1.40
> =============================================================
>
> >
>
> 2015-09-19 16:28:42,639 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [UsernamePasswordCredential] for audit>
> 2015-09-19 16:28:42,640 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: myuser+password
> WHAT: 1 errors, 0 successes
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Sat Sep 19 16:28:42 WEST 2015
> CLIENT IP ADDRESS: 192.168.1.111
> SERVER IP ADDRESS: 192.168.1.40
> =============================================================
>
> I noticed that now there's a line saying this:
>
> 2015-09-19 16:28:42,627 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for myuser>
>
> However, this attribute is indeed present in the LDAP directory
> for that user and it's accessible by everyone:
>
> uid: myuser
>
> Thanks.
>
> On 19/09/15 at 15:38, Misagh Moayyed wrote:
>
> Change org.jasig.cas to DEBUG and report back please.
>
> *From:* Nicolás [mailto:nico...@devels.es]
> *Sent:* Saturday, September 19, 2015 6:30 AM
> *To:* cas-user@lists.jasig.org
> *Subject:* [cas-user] LDAP authentication succeeded but CAS says it's not
>
> Hi,
>
> I'm having some issue configuring LDAP authentication on CAS
> 4.1.0. I must say I had this configuration working on 4.0.4
> but for some reason, even when successfully authenticating vs.
> LDAP, CAS says the credentials are not right.
>
> This is what I did:
>
> 1) deployerConfigContext.xml: Inside the authenticationManager
> bean, this is the map defined:
> <constructor-arg>
>     <map>
>         <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
>         <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
>     </map>
> </constructor-arg>
>
> 2) deployerConfigContext.xml: Copied and pasted the LDAP
> support direct bind
> (http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html#ldap-supporting-direct-bind)
> config, except that I removed the p:sslConfig-ref="sslConfig"
> part and the corresponding sslConfig bean, because I'm not
> using SSL over LDAP.
>
> 3) pom.xml: Added the corresponding dependency:
> <dependency>
>     <groupId>org.jasig.cas</groupId>
>     <artifactId>cas-server-support-ldap</artifactId>
>     <version>${cas.version}</version>
> </dependency>
>
> 4) cas.properties: I customized any needed properties, as I
> had it in my 4.0.4 working configuration.
>
> Now, I access /cas and authenticate, and CAS says the
> credentials are not right. I had a look at the authentication
> log and I found the binding to be successful as far as LDAP goes,
> as you can see here:
>
> Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND anonymous mech=implicit ssf=0
> Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND dn="uid=myuser,cn=...,dc=...,dc=..." method=128
> Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND dn="uid=myuser,cn=...,dc=...,dc=..." mech=SIMPLE ssf=0
> Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 RESULT tag=97 err=0 text=
>
> I decided to activate the debugging as mentioned in the
> Troubleshooting page of the LDAP configuration, and I see the
> following:
>
> 2015-09-19 14:07:15,636 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for myuser with uid=%s,cn=...,dc=...,dc=...>
> 2015-09-19 14:07:15,637 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=uid=myuser,cn=...,dc=...,dc=...
> with request=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, retAttrs=[1.1]]>
> 2015-09-19 14:07:15,660 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
> 2015-09-19 14:07:15,664 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating myuser+password>
> 2015-09-19 14:07:15,665 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: myuser+password
> WHAT: supplied credentials: [myuser+password]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Sat Sep 19 14:07:15 WEST 2015
> CLIENT IP ADDRESS: 192.168.1.X
> SERVER IP ADDRESS: 192.168.1.X
> =============================================================
>
> >
>
> 2015-09-19 14:07:15,667 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: myuser+password
> WHAT: 1 errors, 0 successes
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Sat Sep 19 14:07:15 WEST 2015
> CLIENT IP ADDRESS: 192.168.1.X
> SERVER IP ADDRESS: 192.168.1.X
> =============================================================
>
> >
>
> So if CAS says that the authentication succeeded at first, why
> does LdapAuthenticationHandler fail? Any hint will be very
> appreciated since I'm a bit lost right now.
>
> Thanks,
>
> Nicolás
>
> --
> You are currently subscribed to cas-u...@lists.jasig.org as: mmoay...@unicon.net
> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
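Added example, not part of the thread and not CAS or ldaptive code: a small Python triage script for the DEBUG records quoted above. It separates "the client requested no attributes" (`retAttrs=[1.1]`, the LDAP selector for "no attributes", together with an empty `ldapEntry=[dn=...[]]`) from "the directory did not return a requested attribute". The sample log is constructed (the `myuser` records are abridged from the thread, the `alice` records are hypothetical), and the function names and diagnosis labels are assumptions of this example.

```python
import re
from dataclasses import dataclass

NO_ATTRS = "1.1"  # RFC 4511, 4.5.1.8: a selection list of only "1.1" returns no attributes

# Constructed sample: the myuser records are abridged from the thread (two are folded
# the way the mail client folded them); the alice records are hypothetical.
SAMPLE_LOG = """\
2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate
dn=uid=myuser,cn=...,dc=...,dc=... with
request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser,
retAttrs=[1.1]]>
2015-09-19 16:28:42,619 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
2015-09-19 16:28:42,626 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@735806018::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=myuser,cn=...,dc=...,dc=...[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>
2015-09-19 16:28:42,627 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute
not found for myuser>
2015-09-19 16:30:01,100 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=uid=alice,ou=people,dc=example,dc=org with request=[org.ldaptive.auth.AuthenticationRequest@1::user=alice, retAttrs=[uid, mail]]>
2015-09-19 16:30:01,120 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=alice,ou=people,dc=example,dc=org>
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
REQUEST = re.compile(r"<authenticate dn=(?P<dn>.+?) with request=\[[^\]]*?user=(?P<user>[^,\]]+),"
                     r" retAttrs=\[(?P<attrs>[^\]]*)\]\]>")
BIND_OK = re.compile(r"<Authentication succeeded for dn: (?P<dn>[^>]+)>")
ENTRY = re.compile(r"ldapEntry=\[dn=(?P<dn>[^\[\]]+)\[(?P<attrs>.*?)\]\]")
MISSING = re.compile(r"exception details: (?P<attr>\S+) attribute not found for (?P<user>[^>\s]+)>")


@dataclass
class Attempt:
    user: str
    dn: str
    requested: list          # attribute names the client asked the directory for
    bind_ok: bool = False
    entry_empty: bool = False
    missing_attr: str = ""   # principal attribute CAS could not find, if any


def records(text):
    """Yield one string per log record, re-joining lines folded by a mail client."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TS.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None:
            current += " " + line
    if current is not None:
        yield current


def parse_attempts(text):
    """Correlate request, bind result, returned entry and CAS failure per user."""
    by_dn, by_user = {}, {}
    for rec in records(text):
        if m := REQUEST.search(rec):
            attrs = [a.strip().lower() for a in m["attrs"].split(",") if a.strip()]
            attempt = Attempt(m["user"], m["dn"], attrs)
            by_dn[attempt.dn] = by_user[attempt.user] = attempt
        elif m := BIND_OK.search(rec):
            if m["dn"] in by_dn:
                by_dn[m["dn"]].bind_ok = True
        elif m := ENTRY.search(rec):
            if m["dn"] in by_dn:
                by_dn[m["dn"]].entry_empty = m["attrs"] == ""
        elif m := MISSING.search(rec):
            if m["user"] in by_user:
                by_user[m["user"]].missing_attr = m["attr"].lower()
    return by_user


def diagnose(a):
    if not a.bind_ok:
        return "BIND_NOT_CONFIRMED"
    if not a.missing_attr:
        return "OK"
    if a.requested in ([], [NO_ATTRS]):
        return "NO_ATTRIBUTES_REQUESTED"   # client side: the search never asked for attributes
    if a.missing_attr not in a.requested:
        return "ATTRIBUTE_NOT_REQUESTED"   # client side: this attribute is not in the request
    return "ATTRIBUTE_NOT_RETURNED"        # server side: check ACLs and the entry itself


if __name__ == "__main__":
    for user, attempt in parse_attempts(SAMPLE_LOG).items():
        print(user, diagnose(attempt), attempt.requested, "empty entry:", attempt.entry_empty)
```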