2015-01-14 3 views
1

I am trying to authenticate users in CAS using an LDAP binding. LDAP says OK, but it does not send me the attributes... CAS LDAP authentication error: attributes are empty

Here's the deal:

2015-01-14 10:52:34,353 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for ffischer+password> 
2015-01-14 10:52:34,354 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for ffischer with %[email protected]> 
2015-01-14 10:52:34,354 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate [email protected] with request=[[email protected]::user=ffischer, retAttrs=[sAMAccountName, name]]> 
2015-01-14 10:52:34,355 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate criteria=[[email protected]62186::[email protected], authenticationRequest=[[email protected]::user=ffischer, retAttrs=[sAMAccountName, name]]]> 
2015-01-14 10:52:34,359 DEBUG [org.ldaptive.BindOperation] - <execute request=[[email protected]::[email protected], saslConfig=null, controls=null] with connection=[[email protected]1::config=[[email protected]::ldapUrl=ldap://192.168.1.93, connectTimeout=3000, responseTimeout=-1, sslConfig=[[email protected]::credentialConfig=[[email protected]::trustCertificates=classpath:todo, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[[email protected]::connectionCount=1, environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[[email protected]::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, [email protected]]], [email protected]dbcb1]> 
2015-01-14 10:52:34,365 DEBUG [org.ldaptive.BindOperation] - <execute response=[[email protected]::result=null, resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for request=[[email protected]::[email protected], saslConfig=null, controls=null] with connection=[[email protected]1::config=[[email protected]::ldapUrl=ldap://192.168.1.93, connectTimeout=3000, responseTimeout=-1, sslConfig=[[email protected]::credentialConfig=[[email protected]::trustCertificates=classpath:todo, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[[email protected]::connectionCount=1, environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[[email protected]::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, [email protected]]], [email protected]dbcb1]> 
2015-01-14 10:52:34,366 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[[email protected]::connection=[[email protected]1::config=[[email protected]::ldapUrl=ldap://192.168.1.93, connectTimeout=3000, responseTimeout=-1, sslConfig=[[email protected]::credentialConfig=[[email protected]::trustCertificates=classpath:todo, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[[email protected]::connectionCount=1, environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[[email protected]::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, [email protected]]], [email protected]dbcb1], result=true, resultCode=SUCCESS, message=null, controls=null] for criteria=[[email protected]::[email protected], authenticationRequest=[[email protected]::user=ffischer, retAttrs=[sAMAccountName, name]]]> 
2015-01-14 10:52:34,367 DEBUG [org.jasig.cas.authentication.support.UpnSearchEntryResolver] - <resolve criteria=[[email protected]::[email protected], authenticationRequest=[[email protected]::user=ffischer, retAttrs=[sAMAccountName, name]]]> 
2015-01-14 10:52:34,368 DEBUG [org.ldaptive.SearchOperation] - <execute request=[[email protected]::baseDn=dc=AGADIR-DEV,dc=lan, searchFilter=[[email protected]::filter=userPrincipalName={0}, parameters={[email protected]}], returnAttributes=[sAMAccountName, name], searchScope=SUBTREE, timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, followReferrals=false, intermediateResponseHandlers=null] with connection=[[email protected]1::config=[[email protected]::ldapUrl=ldap://192.168.1.93, connectTimeout=3000, responseTimeout=-1, sslConfig=[[email protected]::credentialConfig=[[email protected]::trustCertificates=classpath:todo, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[[email protected]::connectionCount=1, environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[[email protected]::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, [email protected]]], [email protected]dbcb1]> 
2015-01-14 10:52:34,375 DEBUG [org.ldaptive.SearchOperation] - <execute response=[[email protected]::result=[[]], resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=[ldap://ForestDnsZones.AGADIR-DEV.lan/DC=ForestDnsZones,DC=AGADIR-DEV,DC=lan], messageId=-1] for request=[[email protected]::baseDn=dc=AGADIR-DEV,dc=lan, searchFilter=[[email protected]::filter=userPrincipalName={0}, parameters={[email protected]}], returnAttributes=[sAMAccountName, name], searchScope=SUBTREE, timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, followReferrals=false, intermediateResponseHandlers=null] with connection=[[email protected]1::config=[[email protected]::ldapUrl=ldap://192.168.1.93, connectTimeout=3000, responseTimeout=-1, sslConfig=[[email protected]::credentialConfig=[[email protected]::trustCertificates=classpath:todo, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[[email protected]::connectionCount=1, environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[[email protected]::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, [email protected]]], [email protected]dbcb1]> 
2015-01-14 10:52:34,375 DEBUG [org.jasig.cas.authentication.support.UpnSearchEntryResolver] - <resolved result=[[]] for criteria=[[email protected]::[email protected], authenticationRequest=[[email protected]::user=ffischer, retAttrs=[sAMAccountName, name]]]> 
2015-01-14 10:52:34,376 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: [email protected]> 
2015-01-14 10:52:34,377 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response=[[email protected]::connection=[[email protected]1::config=[[email protected]::ldapUrl=ldap://192.168.1.93, connectTimeout=3000, responseTimeout=-1, sslConfig=[[email protected]::credentialConfig=[[email protected]::trustCertificates=classpath:todo, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[[email protected]::connectionCount=1, environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[[email protected]::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, [email protected]]], [email protected]dbcb1], result=true, resultCode=SUCCESS, message=null, controls=null] for [email protected] with request=[[email protected]::user=ffischer, retAttrs=[sAMAccountName, name]]> 
2015-01-14 10:52:34,378 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [[email protected]::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[[email protected][]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]> 
2015-01-14 10:52:34,378 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating ffischer+password> 

Is this an AD configuration problem? I am using an AD 2008 R2 server and CAS 4.0.0

Thanks for your help

+0

Can you check whether your 'userPrincipalName' is actually *ffischer@AGADIR-DEV*? I suspect it is *ffischer@AGADIR-DEV.lan*, which basically means that the authentication part will work because you are using 'samAccountName', but after authentication the lookup of your account will fail because the 'userPrincipalName' differs from what you expect. –

+0

Yes, you are right, thx :) – flow

+0

Great, I posted this as an answer. Feel free to accept it. :) –

Answer

0

The problem is that when the application performs the user account lookup, it uses ffischer@AGADIR-DEV as the value to look for in the userPrincipalName attribute. However, that attribute contains the user name plus the fully qualified domain name, separated by @, which in your case is AGADIR-DEV.lan.

To fix the problem, you need to either update the way the account is looked up, or use the userPrincipalName for login as well. This may also require some tuning, since I am not familiar with how the library works.
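A small Python simulation of the flow visible in the log and described in the answer: bind with the name built by the dnFormat, then resolve the entry with the userPrincipalName={0} filter. This is added here and is not code from the post, CAS or ldaptive; the directory entry, the password and the AD stand-ins are constructed, and it also shows the RFC 4515 escaping of the filter parameter, which the post does not discuss.

```python
import re

# Constructed stand-in for the AD 2008 R2 directory in the question
# (assumed entry, name and password; nothing here is taken from the post).
DIRECTORY = [
    {"dn": "CN=ffischer,CN=Users,DC=AGADIR-DEV,DC=lan",
     "sAMAccountName": "ffischer", "name": "Franz Fischer",
     "userPrincipalName": "ffischer@AGADIR-DEV.lan"},
]
PASSWORDS = {"ffischer": "password"}          # constructed
NETBIOS, FQDN = "AGADIR-DEV", "AGADIR-DEV.lan"

def format_dn(user: str, dn_format: str) -> str:
    """Mirror of ldaptive FormatDnResolver: dnFormat '%s@SUFFIX' -> bind name."""
    return dn_format % user

def simple_bind(bind_name: str, password: str) -> bool:
    """Stand-in for an AD simple bind, which accepts user@NETBIOS as well as
    user@FQDN. That is why the bind in the log succeeds with either suffix."""
    user, _, suffix = bind_name.partition("@")
    return suffix.lower() in (NETBIOS.lower(), FQDN.lower()) \
        and PASSWORDS.get(user) == password

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping of the {0} parameter, as ldaptive applies it."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def search(filter_template: str, param: str, ret_attrs):
    """Stand-in for UpnSearchEntryResolver: run 'attr={0}' against DIRECTORY."""
    attr, _, pattern = filter_template.partition("=")
    pattern = pattern.replace("{0}", escape_filter_value(param))
    # Unescaped '*' is a wildcard; escaped bytes are compared literally.
    regex = ".*".join(re.escape(re.sub(r"\\([0-9a-f]{2})",
                      lambda m: chr(int(m.group(1), 16)), p))
                      for p in pattern.split("*"))
    return [{a: e[a] for a in ret_attrs}
            for e in DIRECTORY if re.fullmatch(regex, e.get(attr, ""), re.I)]

def authenticate(user: str, password: str, dn_format: str):
    """CAS LdapAuthenticationHandler flow: bind, then resolve the entry.
    Returns (bind_ok, attributes); attributes is None when the resolver finds
    nothing, which is the 'ldapEntry=[...[]]' / 'failed authenticating' case."""
    bind_name = format_dn(user, dn_format)
    if not simple_bind(bind_name, password):
        return False, None
    entries = search("userPrincipalName={0}", bind_name, ["sAMAccountName", "name"])
    return True, (entries[0] if entries else None)
```

With dnFormat `%s@AGADIR-DEV` the bind succeeds but the entry comes back empty, exactly as in the log; with `%s@AGADIR-DEV.lan` the same credentials yield the attributes.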
