I need to check user password and member of specific group: I have CAS 5.2.*
My config file: cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].ldapUrl=ldap://example.com cas.authn.ldap[0].useSsl=false cas.authn.ldap[0].bindDn=cn=portal_manager,ou=System Accounts,dc=example,dc=com cas.authn.ldap[0].bindCredential=*********** cas.authn.ldap[0].baseDn=DC=example,DC=com cas.authn.ldap[0].subtreeSearch=true cas.authn.ldap[0].userFilter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=SpecificGroupName,OU=Groups,OU=Company,DC=example,DC=com)) cas.authn.ldap[0].usePasswordPolicy=false cas.authn.ldap[0].principalAttributeId=sAMAccountName cas.authn.ldap[0].principalAttributePassword= cas.authn.ldap[0].principalAttributeList=displayName,commonName,email,memberOf cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true When I create auth request then CAS response error: 2018-03-13 17:34:38,515 DEBUG [org.ldaptive.SearchOperation] - <execute request=[org.ldaptive.SearchRequest@-384810870::baseDn=DC=hq,DC=bc, searchFilter=[org.ldaptive.SearchFilter@-1831897358::filter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=ManagersPortal,OU=Groups,OU=БАНК,DC=hq,DC=bc)), parameters={context=null, user=braliyev_30424}], returnAttributes=[1.1], searchScope=SUBTREE, timeLimit=PT0S, sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, referralHandler=null, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1004112938::config=[org.ldaptive.ConnectionConfig@1791270211::ldapUrl=ldap://hq.bc, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@887019403::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, connectionInitializer=[org.ldaptive.BindConnectionInitializer@727124254::bindDn=cn=kaspi_portal,ou=System Accounts,dc=hq,dc=bc, bindSaslConfig=null, bindControls=null], connectionStrategy=org.ldaptive.DefaultConnectionStrategy@1e7a75fd], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2104222132::metadata=[ldapUrl=ldap://hq.bc, count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@334577122::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@29c0c417, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@6368ec02]> 2018-03-13 17:34:38,521 DEBUG [org.ldaptive.SearchOperation] - <execute response=[org.ldaptive.Response@626954816::result=[org.ldaptive.SearchResult@-1662255094::entries=[], references=[[org.ldaptive.SearchReference@74822743::referralUrls=[ldap://DomainDnsZones.hq.bc/DC=DomainDnsZones,DC=hq,DC=bc], responseControls=null, messageId=-1, referenceResponse=null], [org.ldaptive.SearchReference@-526386759::referralUrls=[ldap://hq.bc/CN=Configuration,DC=hq,DC=bc], responseControls=null, messageId=-1, referenceResponse=null], [org.ldaptive.SearchReference@-1214994231::referralUrls=[ldap://ForestDnsZones.hq.bc/DC=ForestDnsZones,DC=hq,DC=bc], responseControls=null, messageId=-1, referenceResponse=null]]], resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for request=[org.ldaptive.SearchRequest@-384810870::baseDn=DC=hq,DC=bc, searchFilter=[org.ldaptive.SearchFilter@-1831897358::filter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=ManagersPortal,OU=Groups,OU=БАНК,DC=hq,DC=bc)), parameters={context=null, user=braliyev_30424}], returnAttributes=[1.1], searchScope=SUBTREE, timeLimit=PT0S, sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null, referralHandler=null, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1004112938::config=[org.ldaptive.ConnectionConfig@1791270211::ldapUrl=ldap://hq.bc, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@887019403::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, connectionInitializer=[org.ldaptive.BindConnectionInitializer@727124254::bindDn=cn=kaspi_portal,ou=System Accounts,dc=hq,dc=bc, bindSaslConfig=null, bindControls=null], connectionStrategy=org.ldaptive.DefaultConnectionStrategy@1e7a75fd], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2104222132::metadata=[ldapUrl=ldap://hq.bc, count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@334577122::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@29c0c417, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@6368ec02]> 2018-03-13 17:34:38,526 INFO [org.ldaptive.auth.PooledSearchDnResolver] - <search for user=[org.ldaptive.auth.User@1756715488::identifier=braliyev_30424, context=null] failed using filter=[org.ldaptive.SearchFilter@-1831897358::filter=(&(objectCategory=Person)(sAMAccountName={user})(memberOf=CN=ManagersPortal,OU=Groups,OU=БАНК,DC=hq,DC=bc)), parameters={context=null, user=braliyev_30424}]> 2018-03-13 17:34:38,526 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - <resolved dn=null for user=[org.ldaptive.auth.User@1756715488::identifier=braliyev_30424, context=null]> 2018-03-13 17:34:38,526 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=null with request=[org.ldaptive.auth.AuthenticationRequest@1687550059::user=[org.ldaptive.auth.User@1756715488::identifier=braliyev_30424, context=null], returnAttributes=[commonName, sAMAccountName, displayName, memberOf, email], controls=null]> CAS search request result is empty. When I change configuration "userFilter" without checking memberOf - cas.authn.ldap[0].userFilter=(&(objectCategory=Person)) authorization works corretly. I checked my search request in LDAPAdmin utility, he works correctly. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5eb434b2-97c7-475b-94a7-a15f85612a5f%40apereo.org.
