Hello, I have set up a minimal OpenLDAP installation and attempted to follow the 4.1 authentication instructions. I have a simple test setup, where the DN is in a format string to make things easier.
Authentication itself seems to succeed immediately, but the handler still fails, saying the attribute is missing. The error logs look like this:

2015-09-22 14:57:03,634 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@255464314::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1497009408::config=[org.ldaptive.ConnectionConfig@1452978425::ldapUrl=ldap://ldap-01.corecodec.com/, connectTimeout=3000, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@175268509::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@505154363::trustCertificates=file://etc/ssl/certs/ldap.crt, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1814265440::metadata=[ldapUrl=ldap://ldap-01.corecodec.com/, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@238946327::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@15592091, controlProcessor=org.ldaptive.provider.ControlProcessor@50d692d0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1685441284::factory=sun.security.ssl.SSLSocketFactoryImpl@7163a722, sslConfig=[org.ldaptive.ssl.SslConfig@175268509::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@505154363::trustCertificates=file://etc/ssl/certs/ldap.crt, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@a85254f], result=true, resultCode=SUCCESS, message=null, controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@1495557037::dn=uid=test,ou=users,dc=identity,dc=corecodec,dc=com, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@153672333::user=test, retAttrs=[1.1]]]>

2015-09-22 14:57:03,637 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=test,ou=users,dc=identity,dc=corecodec,dc=com>

2015-09-22 14:57:03,649 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@255464314::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1497009408::config=[org.ldaptive.ConnectionConfig@1452978425::ldapUrl=ldap://ldap-01.corecodec.com/, connectTimeout=3000, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@175268509::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@505154363::trustCertificates=file://etc/ssl/certs/ldap.crt, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1814265440::metadata=[ldapUrl=ldap://ldap-01.corecodec.com/, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@238946327::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@15592091, controlProcessor=org.ldaptive.provider.ControlProcessor@50d692d0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1685441284::factory=sun.security.ssl.SSLSocketFactoryImpl@7163a722, sslConfig=[org.ldaptive.ssl.SslConfig@175268509::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@505154363::trustCertificates=file://etc/ssl/certs/ldap.crt, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@a85254f], result=true, resultCode=SUCCESS, message=null, controls=null] for dn=uid=test,ou=users,dc=identity,dc=corecodec,dc=com with request=[org.ldaptive.auth.AuthenticationRequest@153672333::user=test, retAttrs=[1.1]]>

2015-09-22 14:57:03,651 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@992560313::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=test,ou=users,dc=identity,dc=corecodec,dc=com[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>

2015-09-22 14:57:03,658 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating test+password>

2015-09-22 14:57:03,658 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for test>

I’ve spent a number of hours on this so far, but I’m stumped. I’m wondering if anyone has experienced this problem, and might know what I’m missing. My full deployerConfigContext is at https://gist.github.com/kategray/ff9e9189726c4cb8ce55 .

Kate
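
Added example (not part of the post above, and not CAS or ldaptive code): a small triage script that relates the three relevant log entries to each other. It relies on the fact that `1.1` is the LDAP "no attributes" selector (RFC 4511); the sample lines are constructed by trimming the posted entries, and the function and field names are assumptions.

```python
import re

# Constructed sample: three entries from the post, with the long
# connection/SSL dump replaced by "..." (only the fields read below are kept).
SAMPLE_LOG = """\
2015-09-22 14:57:03,649 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response=[... result=true, resultCode=SUCCESS, message=null, controls=null] for dn=uid=test,ou=users,dc=identity,dc=corecodec,dc=com with request=[org.ldaptive.auth.AuthenticationRequest@153672333::user=test, retAttrs=[1.1]]>
2015-09-22 14:57:03,651 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@992560313::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=test,ou=users,dc=identity,dc=corecodec,dc=com[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>
2015-09-22 14:57:03,658 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for test>
"""

NO_ATTRS = "1.1"  # RFC 4511: request that the server return no attributes
RET_ATTRS = re.compile(r"retAttrs=\[([^\]]*)\]")
ENTRY = re.compile(r"ldapEntry=\[dn=(.*?)\[(.*?)\]\]")
RESULT = re.compile(r"authenticationResultCode=(\w+)")
MISSING = re.compile(r"exception details: (\S+) attribute not found for ([^>\s]+)")


def triage(log):
    """Relate an 'attribute not found' failure to what the request asked for."""
    requested = set()
    for m in RET_ATTRS.finditer(log):
        requested.update(a.strip() for a in m.group(1).split(",") if a.strip())
    entry = ENTRY.search(log)
    result = RESULT.search(log)
    missing = MISSING.search(log)
    finding = {
        "bind_result": result.group(1) if result else None,
        "requested_attrs": sorted(requested),
        "entry_dn": entry.group(1) if entry else None,
        # An empty "[]" after the DN means the entry came back with no attributes.
        "entry_has_attrs": bool(entry and entry.group(2).strip()),
        "missing_attr": missing.group(1) if missing else None,
    }
    # The bind worked, but nothing was requested, so the handler has no
    # attribute to build the principal from.
    finding["explains_failure"] = (
        missing is not None
        and entry is not None
        and requested == {NO_ATTRS}
        and not finding["entry_has_attrs"]
    )
    return finding


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```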