IDP 3.1 LDAP Authn without SSL
NPTabunakawai
nimcee at gmail.com
Thu May 21 03:32:13 EDT 2015
Hi,
From some of the previous posts I gathered that it was possible to connect
to ldap without ssl. I have tried by commenting the respective entries in
ldap.properties and ldap-authn-config.
I am able to get to the idp login page, but after submitting
credentials I get:
Login Failure: Pool is empty and connection creation failed.
Appreciate any pointers on recommended approaches to connect to ldap
without SSL.
idp-process.log:
2015-05-21 09:56:19,576 - WARN
[org.ldaptive.pool.BlockingConnectionPool:534] - unable to create available
connection
2015-05-21 10:00:48,514 - ERROR
[org.ldaptive.pool.BlockingConnectionPool:484] -
[org.ldaptive.pool.BlockingConnectionPool at 427397920::name=search-pool,
poolConfig=[org.ldaptive.pool.PoolConfig at 1926828943::minPoolSize=3,
maxPoolSize=10, validateOnCheckIn=false, validateOnCheckOut=false,
validatePeriodically=true, validatePeriod=300], activator=null,
passivator=null, validator=[org.ldaptive.pool.SearchValidator at 1347579987
::searchRequest=[org.ldaptive.SearchRequest at 1954274106::baseDn=,
searchFilter=[org.ldaptive.SearchFilter at 1642584434::filter=(objectClass=*),
parameters={}], returnAttributes=[1.1], searchScope=OBJECT, timeLimit=0,
sizeLimit=1, derefAliases=null, typesOnly=false, binaryAttributes=null,
sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, followReferrals=false,
intermediateResponseHandlers=null]]
pruneStrategy=[org.ldaptive.pool.IdlePruneStrategy at 40941274::prunePeriod=300,
idleTime=600], connectOnCreate=true,
connectionFactory=[org.ldaptive.DefaultConnectionFactory at 1647588233
::provider=org.ldaptive.provider.jndi.JndiProvider at 7c887af2,
config=[org.ldaptive.ConnectionConfig at 553929280::ldapUrl=ldap://
ldap.server.com:389, connectTimeout=3000, responseTimeout=-1,
sslConfig=null, useSSL=false, useStartTLS=false,
connectionInitializer=[org.ldaptive.BindConnectionInitializer at 650505948
::bindDn=uid=user at server.com, bindSaslConfig=null, bindControls=null]]],
initialized=true, availableCount=0, activeCount=0] unable to connect to the
ldap
org.ldaptive.LdapException: javax.naming.AuthenticationException: [LDAP:
error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece]
at
org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:77)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error,
data 525, vece]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
2015-05-21 10:00:48,515 - WARN
[org.ldaptive.pool.BlockingConnectionPool:575] - unable to create active
connection
2015-05-21 10:00:48,515 - ERROR
[org.ldaptive.pool.BlockingConnectionPool:170] - Could not service check
out request
2015-05-21 10:00:48,516 - WARN
[net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:213] -
Profile Action ValidateUsernamePasswordAgainstLDAP: Login by xxxx produced
exception
org.ldaptive.pool.PoolExhaustedException: Pool is empty and connection
creation failed
at
org.ldaptive.pool.BlockingConnectionPool.getConnection(BlockingConnectionPool.java:171)
2015-05-21 10:00:49,379 - WARN
[org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] -
Operation exception encountered, reopening connection
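
Added example (not part of the original post): a small Python parser that pulls the LDAP result code and the Active Directory `data` sub-code out of a log excerpt like the one above, and reports whether the pool is set to bind with neither SSL nor StartTLS. The sample lines are copied from the post's log; the sub-code table lists commonly documented AD values, and the function and variable names are assumptions for illustration.

```python
import re

# Commonly documented Active Directory sub-codes found in the "data" field
# of an LDAP result code 49 (invalidCredentials) bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Stay inside the bracketed "[LDAP: ...]" message when looking for "data".
BIND_ERROR = re.compile(r"error code (\d+) - [^\]]*?\bdata ([0-9a-fA-F]+)")
TLS_FLAG = re.compile(r"\b(useSSL|useStartTLS)=(true|false)")

# Excerpt copied from the idp-process.log in the post (wrapped as archived).
SAMPLE_LOG = """\
config=[org.ldaptive.ConnectionConfig at 553929280::ldapUrl=ldap://
ldap.server.com:389, connectTimeout=3000, responseTimeout=-1,
sslConfig=null, useSSL=false, useStartTLS=false,
connectionInitializer=[org.ldaptive.BindConnectionInitializer at 650505948
::bindDn=uid=user at server.com, bindSaslConfig=null, bindControls=null]]],
org.ldaptive.LdapException: javax.naming.AuthenticationException: [LDAP:
error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece]
"""

def diagnose(log_text):
    """Return (bind_failures, cleartext_bind) for a log excerpt."""
    text = " ".join(log_text.split())  # entries wrap across lines; rejoin
    failures = []
    for code, data in sorted(set(BIND_ERROR.findall(text))):
        meaning = AD_BIND_SUBCODES.get(data.lower(), "unknown sub-code")
        failures.append((code, data.lower(), meaning))
    flags = dict(TLS_FLAG.findall(text))
    # A bind DN sent with both transports off travels unencrypted.
    cleartext = (flags.get("useSSL") == "false"
                 and flags.get("useStartTLS") == "false"
                 and "bindDn=" in text)
    return failures, cleartext

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the excerpt from the post this reports result code 49 with sub-code 525, which is the directory rejecting the bind DN rather than a transport error, and it flags the pool's bind as unencrypted.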