问题描述
当我尝试使用通过LDAP对AD进行身份验证的CAS登录时,我会看到此消息.
I am seeing this when I try to login with CAS which is authenticating against AD over LDAP.
SEVERE: Servlet.service() for servlet cas threw exception
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
''
]; remaining name '/'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
at org.springframework.ldap.core.LdapTemplate$3.executeSearch(LdapTemplate.java:231)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:588)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:546)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:401)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:421)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:441)
到目前为止,我已通过BindLdapAuthenticationHandler进行身份验证,已解决,它生成了查询生成器,然后将其扔了.
Up to that point I was authenticated by the BindLdapAuthenticationHandler, resolved, it generated a query builder and then threw this.
我认为尝试获取属性时失败.为什么是remaining name '/'
?
I think it is failing when it is trying to get attributes back. Why is the remaining name '/'
?
推荐答案
其余名称是DN的一部分,而该名称在DIT的特定级别上实际上并未找到.例如,当您搜索cn=johns,ou=marketing,dc=example,dc=com
且ou=marketing,dc=example,dc=com
存在但cn=johns
在ou=marketing
内部不存在时,则剩余名称将为cn=johns
.
Remaining name is a part of a DN that wasn't actually found at a certain level of a DIT. For example when you search cn=johns,ou=marketing,dc=example,dc=com
and ou=marketing,dc=example,dc=com
exists but cn=johns
does not exists inside of ou=marketing
then the remaning name would be cn=johns
.
'/'看起来不是有效的RDN.我建议您验证您通过的搜索基础.很有可能是无效的DN字符串.
'/' does not look like a valid RDN. I would recommend to verify what you pass as a search base. Most likely it's an invalid DN string.
这篇关于CAS AD LDAP 32错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!