AD LDAP Pool
Mark Boyce
Mark.Boyce at ucop.edu
Tue May 17 16:50:35 EDT 2016
Daniel,
“sanitized” log attached…
Thanks,
m.
Mark L. Boyce
Senior Identity Management Analyst
University of California, Office of the President
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Daniel Fisher
Sent: Monday, May 16, 2016 6:26 PM
To: Shib Users
Subject: Re: AD LDAP Pool
On Mon, May 16, 2016 at 7:21 PM, Mark Boyce <Mark.Boyce at ucop.edu> wrote:
When pooling AD Domain Controllers and adding “connectionHandler="edu.vt.middleware.ldap.handler.DefaultConnectionHandler{{connectionStrategy=ACTIVE_PASSIVE}}"” (as prescribed at https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass) I am seeing the following:
1) User enters bad password
2) Shibboleth (yes, it is the underlying edu.vt.middleware.ldap.jaas.LdapLoginModule) attempts to authenticate the user at each DC in the pool; having failed to bind as the user, it would appear that edu.vt.middleware.ldap.jaas.LdapLoginModule is interpreting this as a failure of the server and promptly moving on to the next server in the pool
Can you post some debug logs of this?
--Daniel Fisher
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: shib-log.txt
URL: <http://shibboleth.net/pipermail/users/attachments/20160517/9a110022/attachment-0001.txt>
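The behaviour described in the quoted message, modelled as an added example (not code from the thread, Shibboleth, or vt-ldap; every class and function name is hypothetical): a pool walker that treats any bind error as a server failure, next to one that fails over only when the DC is unreachable. The pool and password are constructed sample data.

```python
# Model of ACTIVE_PASSIVE-style failover over a pool of directory servers.
# Hypothetical names throughout; this is not the vt-ldap implementation.

class ServerUnavailable(Exception):
    """Transport-level failure: the DC could not be reached."""

class InvalidCredentials(Exception):
    """The DC answered and rejected the bind (LDAP result code 49)."""

class FakeDC:
    """Constructed stand-in for a domain controller; counts rejected binds."""
    def __init__(self, name, password, up=True):
        self.name, self.password, self.up = name, password, up
        self.failed_binds = 0

    def bind(self, password):
        if not self.up:
            raise ServerUnavailable(self.name)
        if password != self.password:
            self.failed_binds += 1
            raise InvalidCredentials(self.name)
        return True

def bind_naive(pool, password):
    """Behaviour reported in the thread: any bind error moves to the next DC."""
    for dc in pool:
        try:
            return dc.bind(password)
        except Exception:
            continue  # a rejected password is handled like a dead server
    return False

def bind_strict(pool, password):
    """Fail over only when the DC is unreachable; a rejected bind is final."""
    for dc in pool:
        try:
            return dc.bind(password)
        except ServerUnavailable:
            continue      # try the next server in the pool
        except InvalidCredentials:
            return False  # the directory answered; do not retry elsewhere
    return False

def failed_bind_total(pool):
    """Total rejected binds recorded across the pool."""
    return sum(dc.failed_binds for dc in pool)

def make_pool():
    # Constructed sample pool: first DC down, two DCs reachable.
    return [FakeDC("dc1", "s3cret", up=False),
            FakeDC("dc2", "s3cret"), FakeDC("dc3", "s3cret")]
```

With one wrong password, `bind_naive` records a rejected bind on every reachable DC in the pool, while `bind_strict` records exactly one.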