Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CAS AD LDAP 32 error

Tags:

active-directory

ldap

cas

I am seeing this when I try to login with CAS which is authenticating against AD over LDAP. 

SEVERE: Servlet.service() for servlet cas threw exception
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
    ''
]; remaining name '/'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
    at org.springframework.ldap.core.LdapTemplate$3.executeSearch(LdapTemplate.java:231)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:588)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:546)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:401)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:421)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:441)

Up to that point I was authenticated by the BindLdapAuthenticationHandler, resolved, it generated a query builder and then threw this.

I think it is failing when it is trying to get attributes back. Why is the remaining name '/'?

like image 326
Brandon Avatar asked Nov 17 '11 18:11

Brandon

2 Answers

Remaining name is a part of a DN that wasn't actually found at a certain level of a DIT. For example when you search cn=johns,ou=marketing,dc=example,dc=com and ou=marketing,dc=example,dc=com exists but cn=johns does not exists inside of ou=marketing then the remaning name would be cn=johns.

'/' does not look like a valid RDN. I would recommend to verify what you pass as a search base. Most likely it's an invalid DN string.

like image 50
Kirill Kovalenko Avatar answered Nov 03 '22 00:11

Kirill Kovalenko

LDAP error code 32 means "no such object", in this case, perhaps the base object of the search did not exist.

like image 25
Terry Gardner Avatar answered Nov 03 '22 02:11

Terry Gardner
Sign in to Comment

Related questions

1601/01/01 of lastLogonTimeStamp attribute
"GetAuthorizationGroups" throws exception when reading groups for user from Active Directory
javascript active directory user / groups query
How to know if DirectoryEntry is a user or a group?
Calling NetValidatePasswordPolicy from C# always returns Password Must Change
Why is JDK1.8.0u121 unable to find the kerberos default_tkt_enctypes types? (KrbException: no supported default etypes for default_tkt_enctypes)
Why does Spring LDAP's LdapTemplate not return title, department & company attributes?
Finding a User in Active Directory with the Login Name
How to change System.DirectoryEntry "uSNChanged" attribute value to an Int64
Winform user authorization via active directory
MVC 4 authentication with Active Directory or Membership database
Move Active Directory Group to Another OU using Powershell
AD via LDAP - How can I return all ancestor groups from a query?
Find out if a group in AD is in Distribution group?
How to retrieve all Groups from LDAP with Perl
Search Active Directory for computer name(s) using user input
Dynamic CRM "CrmServiceClient" unable to connect using Active Directory Authentication Mode
How do I query an organizational unit for its groups with LDAP?
Determine current domain controller programmatically
Are there better (easier) ways to get a specific domain's SID?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!