I've been having some trouble using the search-entry-handler with the 
surrogate ldap setup.  The RECURSIVE_ENTRY handler does not seem to be used 
when searching user attributes.

- Using Active Directory with the ldap attribute repository for 
authentication and attribute repository.  This is working and we are able 
to look up nested groups using the RECURSIVE_ENTRY search-entry-handler. 
- Using the same ldap for the surrogate setup.  The authorization is 
working fine, but I would like to use a search-entry-handler to find 
"nested groups" that the user is a member of.  The search-entry-handler 
doesn't seem to even be used when I turn on debug for <Property 
name="ldap.log.level">debug</Property>.  See attached log. User is a member 
of "parent_nested_group" which is a member of another group to authorize 
the users to impersonate "student-lo".

# Search filter is used to locate the account / attribute for the member-attribute-name
cas.authn.surrogate.ldap.search-filter=sAMAccountName={user}

# used to validate that the account is authorized to impersonate
cas.authn.surrogate.ldap.surrogate-search-filter=(&(sAMAccountName={user})(memberOf:1.2.840.113556.1.4.1941:=cn={surrogate}-IMP,ou=sso_impersonation,ou=Groups,dc=example,dc=org))

# This is not working right... works for the ldap attribute repository, but not here.
cas.authn.surrogate.ldap.search-entry-handlers[0].type=RECURSIVE_ENTRY
cas.authn.surrogate.ldap.search-entry-handlers[0].recursive.search-attribute=memberOf
cas.authn.surrogate.ldap.search-entry-handlers[0].recursive.merge-attributes=memberOf

# how we find the list of accounts eligible for impersonation to the user.
cas.authn.surrogate.ldap.member-attribute-name=memberOf
cas.authn.surrogate.ldap.member-attribute-value-regex=CN=(.+)-IMP.+

Any help would be appreciated.  


2022-09-23 12:06:23,076 DEBUG 
[org.apereo.cas.web.flow.action.LoadSurrogatesListAction] - <Loading eligible 
accounts for [t.impersonate] to proxy>
2022-09-23 12:06:23,076 DEBUG [org.apereo.cas.util.LdapUtils] - <Constructed 
LDAP search filter [sAMAccountName=t.impersonate]>
2022-09-23 12:06:23,076 DEBUG 
[org.apereo.cas.authentication.surrogate.SurrogateLdapAuthenticationService] - 
<Using search filter to find eligible accounts: 
[[org.ldaptive.FilterTemplate@431096374::filter=sAMAccountName={user}, 
parameters={user=t.impersonate}]]>
2022-09-23 12:06:23,077 DEBUG [org.ldaptive.transport.netty.NettyConnection] - 
<Write handle 
org.ldaptive.transport.DefaultSearchOperationHandle@1756307958::messageID=null, 
request=org.ldaptive.SearchRequest@1178890028::controls=null, dn=, 
scope=OBJECT, aliases=NEVER, sizeLimit=1, timeLimit=PT0S, typesOnly=false, 
filter=org.ldaptive.filter.PresenceFilter@b262ac96, returnAttributes=[1.1], 
binaryAttributes=null, 
connection=org.ldaptive.transport.netty.NettyConnection@324346512::ldapUrl=[org.ldaptive.LdapURL@-1951828112::scheme=ldap,
 hostname=192.168.1.100, port=3268, baseDn=null, attributes=null, scope=null, 
filter=null, inetAddress=null], isOpen=true, 
connectTime=2022-09-22T20:07:08.766229Z, 
connectionConfig=[org.ldaptive.ConnectionConfig@590078605::ldapUrl=ldap://192.168.1.100:3268,
 connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, 
autoReconnect=true, 
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$2974/0x0000000840dc0840@5114c8a1,
 autoReplay=true, 
sslConfig=[org.ldaptive.ssl.SslConfig@6932197::credentialConfig=null, 
trustManagers=null, 
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@6e53bb4f, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, 
connectionInitializers=[org.ldaptive.BindConnectionInitializer@863917883::bindDn=CN=ldapreader,OU=ServiceAccounts,DC=C*****TEST,DC=example,DC=edu,
 bindSaslConfig=null, bindControls=null], 
connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@5929059c, 
connectionValidator=null, transportOptions={}], channel=[id: 0xde298389, 
L:/192.168.1.100:43250 - R:192.168.1.100/192.168.1.100:3268], 
responseTimeout=PT5S, creationTime=2022-09-23T16:06:23.077043Z, sentTime=null, 
receivedTime=null, consumedMessage=false, result=null, exception=null, 
onEntry=null, onReference=null, onSearchResult=null with 0 pending responses>
2022-09-23 12:06:23,077 DEBUG [org.ldaptive.transport.netty.NettyConnection] - 
<Received response message org.ldaptive.LdapEntry@901155975::messageID=247, 
controls=[], dn=, attributes=[] for handle 
org.ldaptive.transport.DefaultSearchOperationHandle@1756307958::messageID=247, 
request=org.ldaptive.SearchRequest@1178890028::controls=null, dn=, 
scope=OBJECT, aliases=NEVER, sizeLimit=1, timeLimit=PT0S, typesOnly=false, 
filter=org.ldaptive.filter.PresenceFilter@b262ac96, returnAttributes=[1.1], 
binaryAttributes=null, 
connection=org.ldaptive.transport.netty.NettyConnection@324346512::ldapUrl=[org.ldaptive.LdapURL@-1951828112::scheme=ldap,
 hostname=192.168.1.100, port=3268, baseDn=null, attributes=null, scope=null, 
filter=null, inetAddress=null], isOpen=true, 
connectTime=2022-09-22T20:07:08.766229Z, 
connectionConfig=[org.ldaptive.ConnectionConfig@590078605::ldapUrl=ldap://192.168.1.100:3268,
 connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, 
autoReconnect=true, 
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$2974/0x0000000840dc0840@5114c8a1,
 autoReplay=true, 
sslConfig=[org.ldaptive.ssl.SslConfig@6932197::credentialConfig=null, 
trustManagers=null, 
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@6e53bb4f, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, 
connectionInitializers=[org.ldaptive.BindConnectionInitializer@863917883::bindDn=CN=ldapreader,OU=ServiceAccounts,DC=C*****TEST,DC=example,DC=edu,
 bindSaslConfig=null, bindControls=null], 
connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@5929059c, 
connectionValidator=null, transportOptions={}], channel=[id: 0xde298389, 
L:/192.168.1.100:43250 - R:192.168.1.100/192.168.1.100:3268], 
responseTimeout=PT5S, creationTime=2022-09-23T16:06:23.077043Z, sentTime=null, 
receivedTime=null, consumedMessage=false, result=null, exception=null, 
onEntry=null, onReference=null, onSearchResult=null>
2022-09-23 12:06:23,078 DEBUG [org.ldaptive.transport.netty.NettyConnection] - 
<Received response message 
org.ldaptive.SearchResponse@2146361142::messageID=247, controls=[], 
resultCode=SUCCESS, matchedDN=, diagnosticMessage=, referralURLs=[], 
entries=[], references=[] for handle 
org.ldaptive.transport.DefaultSearchOperationHandle@1756307958::messageID=247, 
request=org.ldaptive.SearchRequest@1178890028::controls=null, dn=, 
scope=OBJECT, aliases=NEVER, sizeLimit=1, timeLimit=PT0S, typesOnly=false, 
filter=org.ldaptive.filter.PresenceFilter@b262ac96, returnAttributes=[1.1], 
binaryAttributes=null, 
connection=org.ldaptive.transport.netty.NettyConnection@324346512::ldapUrl=[org.ldaptive.LdapURL@-1951828112::scheme=ldap,
 hostname=192.168.1.100, port=3268, baseDn=null, attributes=null, scope=null, 
filter=null, inetAddress=null], isOpen=true, 
connectTime=2022-09-22T20:07:08.766229Z, 
connectionConfig=[org.ldaptive.ConnectionConfig@590078605::ldapUrl=ldap://192.168.1.100:3268,
 connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, 
autoReconnect=true, 
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$2974/0x0000000840dc0840@5114c8a1,
 autoReplay=true, 
sslConfig=[org.ldaptive.ssl.SslConfig@6932197::credentialConfig=null, 
trustManagers=null, 
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@6e53bb4f, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, 
connectionInitializers=[org.ldaptive.BindConnectionInitializer@863917883::bindDn=CN=ldapreader,OU=ServiceAccounts,DC=C*****TEST,DC=example,DC=edu,
 bindSaslConfig=null, bindControls=null], 
connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@5929059c, 
connectionValidator=null, transportOptions={}], channel=[id: 0xde298389, 
L:/192.168.1.100:43250 - R:192.168.1.100/192.168.1.100:3268], 
responseTimeout=PT5S, creationTime=2022-09-23T16:06:23.077043Z, sentTime=null, 
receivedTime=null, consumedMessage=false, result=null, exception=null, 
onEntry=null, onReference=null, onSearchResult=null>
2022-09-23 12:06:23,078 DEBUG [org.ldaptive.transport.netty.NettyConnection] - 
<Write handle 
org.ldaptive.transport.DefaultSearchOperationHandle@1144298656::messageID=null, 
request=org.ldaptive.SearchRequest@500019591::controls=null, 
dn=DC=C*****TEST,DC=example,DC=edu, scope=SUBTREE, aliases=NEVER, sizeLimit=0, 
timeLimit=PT0S, typesOnly=false, 
filter=org.ldaptive.filter.EqualityFilter@1819194846::filterType=EQUALITY, 
attributeDesc=sAMAccountName, assertionValue=t.impersonate, 
returnAttributes=[*], binaryAttributes=[*], 
connection=org.ldaptive.transport.netty.NettyConnection@324346512::ldapUrl=[org.ldaptive.LdapURL@-1951828112::scheme=ldap,
 hostname=192.168.1.100, port=3268, baseDn=null, attributes=null, scope=null, 
filter=null, inetAddress=null], isOpen=true, 
connectTime=2022-09-22T20:07:08.766229Z, 
connectionConfig=[org.ldaptive.ConnectionConfig@590078605::ldapUrl=ldap://192.168.1.100:3268,
 connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, 
autoReconnect=true, 
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$2974/0x0000000840dc0840@5114c8a1,
 autoReplay=true, 
sslConfig=[org.ldaptive.ssl.SslConfig@6932197::credentialConfig=null, 
trustManagers=null, 
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@6e53bb4f, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, 
connectionInitializers=[org.ldaptive.BindConnectionInitializer@863917883::bindDn=CN=ldapreader,OU=ServiceAccounts,DC=C*****TEST,DC=example,DC=edu,
 bindSaslConfig=null, bindControls=null], 
connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@5929059c, 
connectionValidator=null, transportOptions={}], channel=[id: 0xde298389, 
L:/192.168.1.100:43250 - R:192.168.1.100/192.168.1.100:3268], 
responseTimeout=PT5S, creationTime=2022-09-23T16:06:23.078438Z, sentTime=null, 
receivedTime=null, consumedMessage=false, result=null, exception=null, 
onEntry=null, onReference=null, 
onSearchResult=[org.ldaptive.referral.FollowSearchReferralHandler@5505b541] 
with 0 pending responses>
2022-09-23 12:06:23,081 DEBUG [org.ldaptive.transport.netty.NettyConnection] - 
<Received response message org.ldaptive.LdapEntry@-1983541953::messageID=248, 
controls=[], dn=CN=Test 
Impersonate,OU=NewEmployees,DC=C*****TEST,DC=example,DC=edu, 
attributes=[org.ldaptive.LdapAttribute@-177020772::name=objectClass, 
values=[top, person, organizationalPerson, user], binary=false, 
org.ldaptive.LdapAttribute@391333248::name=cn, values=[Test Impersonate], 
binary=false, org.ldaptive.LdapAttribute@171443826::name=sn, 
values=[Impersonate], binary=false, 
org.ldaptive.LdapAttribute@-1366417402::name=givenName, values=[Test], 
binary=false, org.ldaptive.LdapAttribute@1516078052::name=distinguishedName, 
values=[CN=Test Impersonate,OU=NewEmployees,DC=C*****TEST,DC=example,DC=edu], 
binary=false, org.ldaptive.LdapAttribute@-1620148639::name=instanceType, 
values=[4], binary=false, 
org.ldaptive.LdapAttribute@-138016953::name=whenCreated, 
values=[20220923160132.0Z], binary=false, 
org.ldaptive.LdapAttribute@-849332881::name=whenChanged, 
values=[20220923160620.0Z], binary=false, 
org.ldaptive.LdapAttribute@816279650::name=displayName, values=[Test 
Impersonate], binary=false, 
org.ldaptive.LdapAttribute@-333581813::name=uSNCreated, values=[14536255], 
binary=false, org.ldaptive.LdapAttribute@1446116613::name=memberOf, 
values=[CN=stest-IMP,OU=sso_impersonation,OU=Groups,DC=C*****TEST,DC=example,DC=edu,
 CN=parent_nested_group,OU=Groups,DC=C*****TEST,DC=example,DC=edu], 
binary=false, org.ldaptive.LdapAttribute@284947063::name=uSNChanged, 
values=[14536321], binary=false, 
org.ldaptive.LdapAttribute@772202912::name=name, values=[Test Impersonate], 
binary=false, org.ldaptive.LdapAttribute@-1094210003::name=objectGUID, 
values=[M�s'�VD�c�!N+�}], binary=false, 
org.ldaptive.LdapAttribute@-145131217::name=userAccountControl, values=[512], 
binary=false, org.ldaptive.LdapAttribute@575947920::name=pwdLastSet, 
values=[133084224930952558], binary=false, 
org.ldaptive.LdapAttribute@-1214228995::name=primaryGroupID, values=[513], 
binary=false, org.ldaptive.LdapAttribute@-830048124::name=objectSid, 
values=[]!�B_*gM��/], binary=false, 
org.ldaptive.LdapAttribute@-590207402::name=sAMAccountName, 
values=[t.impersonate], binary=false, 
org.ldaptive.LdapAttribute@73020207::name=sAMAccountType, values=[805306368], 
binary=false, org.ldaptive.LdapAttribute@-45530025::name=userPrincipalName, 
values=[t.impersonate@C*****TEST.example.edu], binary=false, 
org.ldaptive.LdapAttribute@1503365745::name=objectCategory, 
values=[CN=Person,CN=Schema,CN=Configuration,DC=C*****TEST,DC=example,DC=edu], 
binary=false, org.ldaptive.LdapAttribute@589431078::name=dSCorePropagationData, 
values=[16010101000000.0Z], binary=false, 
org.ldaptive.LdapAttribute@2033153728::name=lastLogonTimestamp, 
values=[133084227804090495], binary=false] for handle 
org.ldaptive.transport.DefaultSearchOperationHandle@1144298656::messageID=248, 
request=org.ldaptive.SearchRequest@500019591::controls=null, 
dn=DC=C*****TEST,DC=example,DC=edu, scope=SUBTREE, aliases=NEVER, sizeLimit=0, 
timeLimit=PT0S, typesOnly=false, 
filter=org.ldaptive.filter.EqualityFilter@1819194846::filterType=EQUALITY, 
attributeDesc=sAMAccountName, assertionValue=t.impersonate, 
returnAttributes=[*], binaryAttributes=[*], 
connection=org.ldaptive.transport.netty.NettyConnection@324346512::ldapUrl=[org.ldaptive.LdapURL@-1951828112::scheme=ldap,
 hostname=192.168.1.100, port=3268, baseDn=null, attributes=null, scope=null, 
filter=null, inetAddress=null], isOpen=true, 
connectTime=2022-09-22T20:07:08.766229Z, 
connectionConfig=[org.ldaptive.ConnectionConfig@590078605::ldapUrl=ldap://192.168.1.100:3268,
 connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, 
autoReconnect=true, 
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$2974/0x0000000840dc0840@5114c8a1,
 autoReplay=true, 
sslConfig=[org.ldaptive.ssl.SslConfig@6932197::credentialConfig=null, 
trustManagers=null, 
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@6e53bb4f, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, 
connectionInitializers=[org.ldaptive.BindConnectionInitializer@863917883::bindDn=CN=ldapreader,OU=ServiceAccounts,DC=C*****TEST,DC=example,DC=edu,
 bindSaslConfig=null, bindControls=null], 
connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@5929059c, 
connectionValidator=null, transportOptions={}], channel=[id: 0xde298389, 
L:/192.168.1.100:43250 - R:192.168.1.100/192.168.1.100:3268], 
responseTimeout=PT5S, creationTime=2022-09-23T16:06:23.078438Z, 
sentTime=2022-09-23T16:06:23.078961Z, receivedTime=null, consumedMessage=false, 
result=null, exception=null, onEntry=null, onReference=null, 
onSearchResult=[org.ldaptive.referral.FollowSearchReferralHandler@5505b541]>
2022-09-23 12:06:23,081 DEBUG [org.ldaptive.transport.netty.NettyConnection] - 
<Received response message 
org.ldaptive.SearchResponse@1565800263::messageID=248, controls=[], 
resultCode=SUCCESS, matchedDN=, diagnosticMessage=, referralURLs=[], 
entries=[], references=[] for handle 
org.ldaptive.transport.DefaultSearchOperationHandle@1144298656::messageID=248, 
request=org.ldaptive.SearchRequest@500019591::controls=null, 
dn=DC=C*****TEST,DC=example,DC=edu, scope=SUBTREE, aliases=NEVER, sizeLimit=0, 
timeLimit=PT0S, typesOnly=false, 
filter=org.ldaptive.filter.EqualityFilter@1819194846::filterType=EQUALITY, 
attributeDesc=sAMAccountName, assertionValue=t.impersonate, 
returnAttributes=[*], binaryAttributes=[*], 
connection=org.ldaptive.transport.netty.NettyConnection@324346512::ldapUrl=[org.ldaptive.LdapURL@-1951828112::scheme=ldap,
 hostname=192.168.1.100, port=3268, baseDn=null, attributes=null, scope=null, 
filter=null, inetAddress=null], isOpen=true, 
connectTime=2022-09-22T20:07:08.766229Z, 
connectionConfig=[org.ldaptive.ConnectionConfig@590078605::ldapUrl=ldap://192.168.1.100:3268,
 connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, 
autoReconnect=true, 
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$2974/0x0000000840dc0840@5114c8a1,
 autoReplay=true, 
sslConfig=[org.ldaptive.ssl.SslConfig@6932197::credentialConfig=null, 
trustManagers=null, 
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@6e53bb4f, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, 
connectionInitializers=[org.ldaptive.BindConnectionInitializer@863917883::bindDn=CN=ldapreader,OU=ServiceAccounts,DC=C*****TEST,DC=example,DC=edu,
 bindSaslConfig=null, bindControls=null], 
connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@5929059c, 
connectionValidator=null, transportOptions={}], channel=[id: 0xde298389, 
L:/192.168.1.100:43250 - R:192.168.1.100/192.168.1.100:3268], 
responseTimeout=PT5S, creationTime=2022-09-23T16:06:23.078438Z, 
sentTime=2022-09-23T16:06:23.078961Z, receivedTime=null, consumedMessage=false, 
result=null, exception=null, onEntry=null, onReference=null, 
onSearchResult=[org.ldaptive.referral.FollowSearchReferralHandler@5505b541]>
2022-09-23 12:06:23,081 DEBUG [org.ldaptive.transport.netty.NettyConnection] - 
<Write handle 
org.ldaptive.transport.netty.NettyConnection$BindOperationHandle@2012107464::messageID=null,
 request=org.ldaptive.SimpleBindRequest@1657936637::controls=null, 
dn=CN=ldapreader,OU=ServiceAccounts,DC=C*****TEST,DC=example,DC=edu, 
connection=org.ldaptive.transport.netty.NettyConnection@324346512::ldapUrl=[org.ldaptive.LdapURL@-1951828112::scheme=ldap,
 hostname=192.168.1.100, port=3268, baseDn=null, attributes=null, scope=null, 
filter=null, inetAddress=null], isOpen=true, 
connectTime=2022-09-22T20:07:08.766229Z, 
connectionConfig=[org.ldaptive.ConnectionConfig@590078605::ldapUrl=ldap://192.168.1.100:3268,
 connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, 
autoReconnect=true, 
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$2974/0x0000000840dc0840@5114c8a1,
 autoReplay=true, 
sslConfig=[org.ldaptive.ssl.SslConfig@6932197::credentialConfig=null, 
trustManagers=null, 
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@6e53bb4f, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, 
connectionInitializers=[org.ldaptive.BindConnectionInitializer@863917883::bindDn=CN=ldapreader,OU=ServiceAccounts,DC=C*****TEST,DC=example,DC=edu,
 bindSaslConfig=null, bindControls=null], 
connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@5929059c, 
connectionValidator=null, transportOptions={}], channel=[id: 0xde298389, 
L:/192.168.1.100:43250 - R:192.168.1.100/192.168.1.100:3268], 
responseTimeout=PT5S, creationTime=2022-09-23T16:06:23.081627Z, sentTime=null, 
receivedTime=null, consumedMessage=false, result=null, exception=null with 0 
pending responses>
2022-09-23 12:06:23,083 DEBUG [org.ldaptive.transport.netty.NettyConnection] - 
<Received response message org.ldaptive.BindResponse@233716990::messageID=249, 
controls=[], resultCode=SUCCESS, matchedDN=, diagnosticMessage=, 
referralURLs=[] for handle 
org.ldaptive.transport.netty.NettyConnection$BindOperationHandle@2012107464::messageID=249,
 request=org.ldaptive.SimpleBindRequest@1657936637::controls=null, 
dn=CN=ldapreader,OU=ServiceAccounts,DC=C*****TEST,DC=example,DC=edu, 
connection=org.ldaptive.transport.netty.NettyConnection@324346512::ldapUrl=[org.ldaptive.LdapURL@-1951828112::scheme=ldap,
 hostname=192.168.1.100, port=3268, baseDn=null, attributes=null, scope=null, 
filter=null, inetAddress=null], isOpen=true, 
connectTime=2022-09-22T20:07:08.766229Z, 
connectionConfig=[org.ldaptive.ConnectionConfig@590078605::ldapUrl=ldap://192.168.1.100:3268,
 connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, 
autoReconnect=true, 
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$2974/0x0000000840dc0840@5114c8a1,
 autoReplay=true, 
sslConfig=[org.ldaptive.ssl.SslConfig@6932197::credentialConfig=null, 
trustManagers=null, 
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@6e53bb4f, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, 
connectionInitializers=[org.ldaptive.BindConnectionInitializer@863917883::bindDn=CN=ldapreader,OU=ServiceAccounts,DC=C*****TEST,DC=example,DC=edu,
 bindSaslConfig=null, bindControls=null], 
connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@5929059c, 
connectionValidator=null, transportOptions={}], channel=[id: 0xde298389, 
L:/192.168.1.100:43250 - R:192.168.1.100/192.168.1.100:3268], 
responseTimeout=PT5S, creationTime=2022-09-23T16:06:23.081627Z, sentTime=null, 
receivedTime=null, consumedMessage=false, result=null, exception=null>
2022-09-23 12:06:23,083 DEBUG 
[org.apereo.cas.authentication.surrogate.SurrogateLdapAuthenticationService] - 
<LDAP response: [org.ldaptive.SearchResponse@763858966::messageID=248, 
controls=[], resultCode=SUCCESS, matchedDN=, diagnosticMessage=, 
referralURLs=[], entries=[org.ldaptive.LdapEntry@-1983541953::messageID=248, 
controls=[], dn=CN=Test 
Impersonate,OU=NewEmployees,DC=C*****TEST,DC=example,DC=edu, 
attributes=[org.ldaptive.LdapAttribute@-177020772::name=objectClass, 
values=[top, person, organizationalPerson, user], binary=false, 
org.ldaptive.LdapAttribute@391333248::name=cn, values=[Test Impersonate], 
binary=false, org.ldaptive.LdapAttribute@171443826::name=sn, 
values=[Impersonate], binary=false, 
org.ldaptive.LdapAttribute@-1366417402::name=givenName, values=[Test], 
binary=false, org.ldaptive.LdapAttribute@1516078052::name=distinguishedName, 
values=[CN=Test Impersonate,OU=NewEmployees,DC=C*****TEST,DC=example,DC=edu], 
binary=false, org.ldaptive.LdapAttribute@-1620148639::name=instanceType, 
values=[4], binary=false, 
org.ldaptive.LdapAttribute@-138016953::name=whenCreated, 
values=[20220923160132.0Z], binary=false, 
org.ldaptive.LdapAttribute@-849332881::name=whenChanged, 
values=[20220923160620.0Z], binary=false, 
org.ldaptive.LdapAttribute@816279650::name=displayName, values=[Test 
Impersonate], binary=false, 
org.ldaptive.LdapAttribute@-333581813::name=uSNCreated, values=[14536255], 
binary=false, org.ldaptive.LdapAttribute@1446116613::name=memberOf, 
values=[CN=stest-IMP,OU=sso_impersonation,OU=Groups,DC=C*****TEST,DC=example,DC=edu,
 CN=parent_nested_group,OU=Groups,DC=C*****TEST,DC=example,DC=edu], 
binary=false, org.ldaptive.LdapAttribute@284947063::name=uSNChanged, 
values=[14536321], binary=false, 
org.ldaptive.LdapAttribute@772202912::name=name, values=[Test Impersonate], 
binary=false, org.ldaptive.LdapAttribute@-1094210003::name=objectGUID, 
values=[M�s'�VD�c�!N+�}], binary=false, 
org.ldaptive.LdapAttribute@-145131217::name=userAccountControl, values=[512], 
binary=false, org.ldaptive.LdapAttribute@575947920::name=pwdLastSet, 
values=[133084224930952558], binary=false, 
org.ldaptive.LdapAttribute@-1214228995::name=primaryGroupID, values=[513], 
binary=false, org.ldaptive.LdapAttribute@-830048124::name=objectSid, 
values=[]!�B_*gM��/], binary=false, 
org.ldaptive.LdapAttribute@-590207402::name=sAMAccountName, 
values=[t.impersonate], binary=false, 
org.ldaptive.LdapAttribute@73020207::name=sAMAccountType, values=[805306368], 
binary=false, org.ldaptive.LdapAttribute@-45530025::name=userPrincipalName, 
values=[t.impersonate@C*****TEST.example.edu], binary=false, 
org.ldaptive.LdapAttribute@1503365745::name=objectCategory, 
values=[CN=Person,CN=Schema,CN=Configuration,DC=C*****TEST,DC=example,DC=edu], 
binary=false, org.ldaptive.LdapAttribute@589431078::name=dSCorePropagationData, 
values=[16010101000000.0Z], binary=false, 
org.ldaptive.LdapAttribute@2033153728::name=lastLogonTimestamp, 
values=[133084227804090495], binary=false]], references=[]]>
2022-09-23 12:06:23,083 DEBUG 
[org.apereo.cas.authentication.surrogate.SurrogateLdapAuthenticationService] - 
<Locating LDAP entry [org.ldaptive.LdapEntry@-1983541953::messageID=248, 
controls=[], dn=CN=Test 
Impersonate,OU=NewEmployees,DC=C*****TEST,DC=example,DC=edu, 
attributes=[org.ldaptive.LdapAttribute@-177020772::name=objectClass, 
values=[top, person, organizationalPerson, user], binary=false, 
org.ldaptive.LdapAttribute@391333248::name=cn, values=[Test Impersonate], 
binary=false, org.ldaptive.LdapAttribute@171443826::name=sn, 
values=[Impersonate], binary=false, 
org.ldaptive.LdapAttribute@-1366417402::name=givenName, values=[Test], 
binary=false, org.ldaptive.LdapAttribute@1516078052::name=distinguishedName, 
values=[CN=Test Impersonate,OU=NewEmployees,DC=C*****TEST,DC=example,DC=edu], 
binary=false, org.ldaptive.LdapAttribute@-1620148639::name=instanceType, 
values=[4], binary=false, 
org.ldaptive.LdapAttribute@-138016953::name=whenCreated, 
values=[20220923160132.0Z], binary=false, 
org.ldaptive.LdapAttribute@-849332881::name=whenChanged, 
values=[20220923160620.0Z], binary=false, 
org.ldaptive.LdapAttribute@816279650::name=displayName, values=[Test 
Impersonate], binary=false, 
org.ldaptive.LdapAttribute@-333581813::name=uSNCreated, values=[14536255], 
binary=false, org.ldaptive.LdapAttribute@1446116613::name=memberOf, 
values=[CN=stest-IMP,OU=sso_impersonation,OU=Groups,DC=C*****TEST,DC=example,DC=edu,
 CN=parent_nested_group,OU=Groups,DC=C*****TEST,DC=example,DC=edu], 
binary=false, org.ldaptive.LdapAttribute@284947063::name=uSNChanged, 
values=[14536321], binary=false, 
org.ldaptive.LdapAttribute@772202912::name=name, values=[Test Impersonate], 
binary=false, org.ldaptive.LdapAttribute@-1094210003::name=objectGUID, 
values=[M�s'�VD�c�!N+�}], binary=false, 
org.ldaptive.LdapAttribute@-145131217::name=userAccountControl, values=[512], 
binary=false, org.ldaptive.LdapAttribute@575947920::name=pwdLastSet, 
values=[133084224930952558], binary=false, 
org.ldaptive.LdapAttribute@-1214228995::name=primaryGroupID, values=[513], 
binary=false, org.ldaptive.LdapAttribute@-830048124::name=objectSid, 
values=[]!�B_*gM��/], binary=false, 
org.ldaptive.LdapAttribute@-590207402::name=sAMAccountName, 
values=[t.impersonate], binary=false, 
org.ldaptive.LdapAttribute@73020207::name=sAMAccountType, values=[805306368], 
binary=false, org.ldaptive.LdapAttribute@-45530025::name=userPrincipalName, 
values=[t.impersonate@C*****TEST.example.edu], binary=false, 
org.ldaptive.LdapAttribute@1503365745::name=objectCategory, 
values=[CN=Person,CN=Schema,CN=Configuration,DC=C*****TEST,DC=example,DC=edu], 
binary=false, org.ldaptive.LdapAttribute@589431078::name=dSCorePropagationData, 
values=[16010101000000.0Z], binary=false, 
org.ldaptive.LdapAttribute@2033153728::name=lastLogonTimestamp, 
values=[133084227804090495], binary=false]] with attribute 
[org.ldaptive.LdapAttribute@1446116613::name=memberOf, 
values=[CN=stest-IMP,OU=sso_impersonation,OU=Groups,DC=C*****TEST,DC=example,DC=edu,
 CN=parent_nested_group,OU=Groups,DC=C*****TEST,DC=example,DC=edu], 
binary=false]>
2022-09-23 12:06:23,083 DEBUG 
[org.apereo.cas.authentication.surrogate.SurrogateLdapAuthenticationService] - 
<Constructed attribute value regex pattern [CN=(.+)-IMP.+]>
2022-09-23 12:06:23,083 DEBUG 
[org.apereo.cas.authentication.surrogate.SurrogateLdapAuthenticationService] - 
<Following accounts may be eligible for surrogate authentication: [[stest]]>
2022-09-23 12:06:23,083 DEBUG 
[org.apereo.cas.web.flow.action.LoadSurrogatesListAction] - <Surrogate accounts 
found are [[stest]]>
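
The difference between the result in the log and the result the post is after, as an added example that is not part of the original post and is not CAS or ldaptive code: it applies the posted member-attribute-value-regex first to the user's direct memberOf values and then to a memberOf list expanded through nested groups. The directory contents are constructed; the student-lo-IMP parent group and the example base DN are assumptions taken from the post's description, and the regex is applied with a search, which is also an assumption.

```python
import re
from collections import deque

# Value of cas.authn.surrogate.ldap.member-attribute-value-regex from the post.
MEMBER_VALUE_REGEX = r"CN=(.+)-IMP.+"

# Constructed directory: DN -> direct memberOf values. The user and the first two
# groups mirror the posted log; STUDENT is an assumed parent of the nested group.
BASE = "DC=example,DC=edu"
USER = f"CN=Test Impersonate,OU=NewEmployees,{BASE}"
STEST = f"CN=stest-IMP,OU=sso_impersonation,OU=Groups,{BASE}"
NESTED = f"CN=parent_nested_group,OU=Groups,{BASE}"
STUDENT = f"CN=student-lo-IMP,OU=sso_impersonation,OU=Groups,{BASE}"
DIRECTORY = {USER: [STEST, NESTED], NESTED: [STUDENT]}


def direct_groups(directory, dn):
    """memberOf exactly as returned on the entry (what the log shows)."""
    return list(directory.get(dn, []))


def recursive_groups(directory, dn):
    """memberOf merged across nested groups, breadth first.

    Group nesting can be circular, so every DN is visited once; DNs are
    compared case-insensitively.
    """
    seen = {dn.casefold()}
    ordered = []
    queue = deque(directory.get(dn, []))
    while queue:
        group = queue.popleft()
        key = group.casefold()
        if key in seen:
            continue
        seen.add(key)
        ordered.append(group)
        queue.extend(directory.get(group, []))
    return ordered


def eligible_surrogates(group_dns, pattern=MEMBER_VALUE_REGEX):
    """Extract surrogate account names from group DNs, keeping first-seen order."""
    names = []
    for group_dn in group_dns:
        match = re.search(pattern, group_dn)
        if match and match.group(1) not in names:
            names.append(match.group(1))
    return names


if __name__ == "__main__":
    print("direct:   ", eligible_surrogates(direct_groups(DIRECTORY, USER)))
    print("recursive:", eligible_surrogates(recursive_groups(DIRECTORY, USER)))
```

Run over the same directory, the gap between the two lists is the set of accounts that only become eligible through nesting, which is worth reviewing before enabling recursive expansion for impersonation.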
