Mark Boyce Mark.Boyce at
Tue May 17 16:50:35 EDT 2016


“sanitized” log attached…



Mark L. Boyce
Senior Identity Management Analyst
University of California, Office of the President

From: users [mailto:users-bounces at] On Behalf Of Daniel Fisher
Sent: Monday, May 16, 2016 6:26 PM
To: Shib Users
Subject: Re: AD LDAP Pool

On Mon, May 16, 2016 at 7:21 PM, Mark Boyce <Mark.Boyce at> wrote:
When pooling AD Domain Controllers and adding “connectionHandler="edu.vt.middleware.ldap.handler.DefaultConnectionHandler{{connectionStrategy=ACTIVE_PASSIVE}}"” (as prescribed at I am seeing the following:

1) User enters bad password
2) Shibboleth (yes, it is the underlying edu.vt.middleware.ldap.jaas.LdapLoginModule) attempts to authenticate the user at each DC in the pool; having failed to bind as the user, it would appear that edu.vt.middleware.ldap.jaas.LdapLoginModule is interpreting this as a failure of the server and promptly moving on to the next server in the pool

Can you post some debug logs of this?

--Daniel Fisher

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: shib-log.txt