what's wrong with LDAP search-and-bind authentication! help!

Scott Battaglia scott.battaglia at gmail.com
Wed Feb 7 09:41:36 EST 2007


It's most likely something with your directory server based on what that
forum says.  Have you tried other usernames?  Checked into the username you
are trying to authenticate, etc.?

On 2/7/07, gmail <jali0681 at gmail.com> wrote:
>
>  Old Man:
>
> hi:
>
>    I configured the deployerConfigContext.xml file according to the guide:
>    http://www.ja-sig.org/products/cas/server/ldapauthhandler/index.html
>    but I get the screen below when I log in on the server.
>
>    -------------------------------------
>  CAS is Unavailable
>
> A general exception occurred while trying to access CAS. Please notify
> your system administrator.
> ----------------------------------------
>
> I use a Windows LDAP client to connect to AD, and it works.
> I use cas-server 3.0.6 and Tomcat 5.5.17 in Jahia, and my JDK is 1.5.0.6.
> Below is the configuration in the deployerConfigContext.xml file:
>
> --------------------------------
> <beans>
>
>     <bean id="authenticationManager"
>         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>
>         <property name="credentialsToPrincipalResolvers">
>             <list>
>                 <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>                 <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>             </list>
>         </property>
>
>         <property name="authenticationHandlers">
>             <list>
>                 <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
>
>                 <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>                     <property name="filter" value="uid=%u" />
>                     <property name="searchBase" value="cn=users,dc=OPDEVNET" />
>                     <property name="contextSource" ref="contextSource" />
>                 </bean>
>             </list>
>         </property>
>     </bean>
>
>     <bean id="contextSource"
>         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>         <!-- this is the user logging in to the AD server -->
>         <property name="userName" value="administrator" />
>         <!-- password -->
>         <property name="password" value="mypassword" />
>         <property name="urls">
>             <list>
>                 <!-- AD server -->
>                 <value>ldap://onepoint-winser:389/</value>
>             </list>
>         </property>
>         <property name="baseEnvironmentProperties">
>             <map>
>                 <entry>
>                     <key><value>java.naming.security.authentication</value></key>
>                     <value>simple</value>
>                 </entry>
>             </map>
>         </property>
>     </bean>
> </beans>
>
> ----------------------------
>
> These are the errors:
>
> #######################################
> 2007-02-06 19:27:08,328 DEBUG [
> org.springframework.web.context.support.XmlWebApplicationContext] -
> Publishing event in context [WebApplicationContext for namespace
> 'cas-servlet']: ServletRequestHandledEvent: url=[/cas/login]; client=[
> 127.0.0.1]; method=[POST]; servlet=[cas];
> session=[D7EDB30B1CD13924918BA779F9B2EC94]; user=[null]; time=[203ms];
> status=[failed:
> org.springframework.webflow.engine.ActionExecutionException: Exception
> thrown executing [ AnnotatedAction at c44deb targetAction =
> org.jasig.cas.web.flow.AuthenticationViaFormAction at 1b4b88d, attributes =
> map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' --
> action execution attributes were 'map['method' -> 'submit']'; nested
> exception is org.springframework.ldap.UncategorizedLdapException:
> Operation failed; nested exception is javax.naming.AuthenticationException:
> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
> AcceptSecurityContext error, data 525, vece ]]
> 2007-02-06 19:27:08,328 DEBUG [
> org.springframework.web.context.support.XmlWebApplicationContext] -
> Publishing event in context [Root WebApplicationContext]:
> ServletRequestHandledEvent: url=[/cas/login]; client=[ 127.0.0.1];
> method=[POST]; servlet=[cas]; session=[D7EDB30B1CD13924918BA779F9B2EC94];
> user=[null]; time=[203ms]; status=[failed:
> org.springframework.webflow.engine.ActionExecutionException: Exception
> thrown executing [ AnnotatedAction at c44deb targetAction =
> org.jasig.cas.web.flow.AuthenticationViaFormAction at 1b4b88d, attributes =
> map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' --
> action execution attributes were 'map['method' -> 'submit']'; nested
> exception is org.springframework.ldap.UncategorizedLdapException:
> Operation failed; nested exception is javax.naming.AuthenticationException:
> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
> AcceptSecurityContext error, data 525, vece ]]
> 2007-02-06 19:27:08,328 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]]
> - Servlet.service() for servlet cas threw exception
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
> ]
>     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
>     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
>     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
>     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
>     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java
> :175)
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs (LdapCtxFactory.java
> :193)
>     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(
> LdapCtxFactory.java:136)
>     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(
> LdapCtxFactory.java:66)
>     at javax.naming.spi.NamingManager.getInitialContext (
> NamingManager.java:667)
>     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java
> :247)
>     at javax.naming.InitialContext.init(InitialContext.java:223)
>     at javax.naming.ldap.InitialLdapContext.<init>(
> InitialLdapContext.java:134)
>     at
> org.springframework.ldap.support.LdapContextSource.getDirContextInstance(
> LdapContextSource.java:59)
>     at
> org.springframework.ldap.support.AbstractContextSource.createContext(
> AbstractContextSource.java :193)
>     at
> org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(
> AbstractContextSource.java:104)
>     at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
>     at org.springframework.ldap.LdapTemplate.search (LdapTemplate.java
> :314)
>     at
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal
> (BindLdapAuthenticationHandler.java:70)
>     at
> org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate(
> AbstractUsernamePasswordAuthenticationHandler.java:58)
>     at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate
> (AuthenticationManagerImpl.java:79)
>     at
> org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(
> CentralAuthenticationServiceImpl.java:282)
>     at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(
> AuthenticationViaFormAction.java:116)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke (Method.java:585)
>     at org.springframework.webflow.util.DispatchMethodInvoker.invoke(
> DispatchMethodInvoker.java:105)
>     at org.springframework.webflow.action.MultiAction.doExecute(
> MultiAction.java:136)
>     at org.springframework.webflow.action.AbstractAction.execute(
> AbstractAction.java:203)
>     at org.springframework.webflow.engine.AnnotatedAction.execute(
> AnnotatedAction.java:142)
>     at org.springframework.webflow.engine.ActionExecutor.execute (
> ActionExecutor.java:61)
>     at org.springframework.webflow.engine.ActionState.doEnter(
> ActionState.java:180)
>     at org.springframework.webflow.engine.State.enter(State.java:200)
>     at org.springframework.webflow.engine.Transition.execute (
> Transition.java:218)
>     at org.springframework.webflow.engine.TransitionableState.onEvent(
> TransitionableState.java:112)
>     at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>     at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(
> RequestControlContextImpl.java:207)
>     at org.springframework.webflow.engine.ActionState.doEnter(
> ActionState.java:185)
>     at org.springframework.webflow.engine.State.enter(State.java:200)
>     at org.springframework.webflow.engine.Transition.execute (
> Transition.java:218)
>     at org.springframework.webflow.engine.TransitionableState.onEvent(
> TransitionableState.java:112)
>     at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>     at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(
> RequestControlContextImpl.java:207)
>     at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(
> FlowExecutionImpl.java:211)
>     at org.springframework.webflow.executor.FlowExecutorImpl.resume(
> FlowExecutorImpl.java :227)
>     at
> org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest
> (FlowRequestHandler.java:115)
>     at
> org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal
> (FlowController.java :170)
>     at
> org.springframework.web.servlet.mvc.AbstractController.handleRequest(
> AbstractController.java:153)
>     at
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
> SimpleControllerHandlerAdapter.java :45)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(
> DispatcherServlet.java:820)
>     at org.springframework.web.servlet.DispatcherServlet.doService(
> DispatcherServlet.java:755)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest (
> FrameworkServlet.java:396)
>     at org.springframework.web.servlet.FrameworkServlet.doPost(
> FrameworkServlet.java:360)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>     at javax.servlet.http.HttpServlet.service (HttpServlet.java:802)
>     at org.jasig.cas.web.init.SafeDispatcherServlet.service(
> SafeDispatcherServlet.java:115)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:252)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:173)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:213)
>     at org.apache.catalina.core.StandardContextValve.invoke (
> StandardContextValve.java:178)
>     at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:126)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:105)
>     at org.apache.catalina.core.StandardEngineValve.invoke (
> StandardEngineValve.java:107)
>     at org.apache.catalina.connector.CoyoteAdapter.service(
> CoyoteAdapter.java:148)
>     at org.apache.coyote.http11.Http11Processor.process(
> Http11Processor.java:869)
>     at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(
> Http11BaseProtocol.java:664)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(
> PoolTcpEndpoint.java:527)
>     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(
> LeaderFollowerWorkerThread.java :80)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> ThreadPool.java:684)
>     at java.lang.Thread.run(Thread.java:595)
> 2007-02-06 19:27:08,562 DEBUG [
> org.springframework.web.servlet.DispatcherServlet ] - Testing handler map
> [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping at 1f02b4b]
> in DispatcherServlet with name 'cas'
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.handler.SimpleUrlHandlerMapping ] -
> Looking up handler for [/login]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet] - Testing handler
> adapter [
> org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter at aa4bf8]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet] - Testing handler
> adapter [
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter at c4bc6d]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet ] - Last-Modified value
> for [/cas/login] is [-1]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet] - DispatcherServlet
> with name 'cas' received request for [/cas/login]
> 2007-02-06 19:27:08,578 DEBUG [ org.springframework.core.CollectionFactory]
> - Creating [java.util.LinkedHashMap]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet] - Bound request context
> to thread: org.apache.catalina.connector.RequestFacade at 764091
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet] - Testing handler
> adapter [
> org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter at aa4bf8]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet ] - Testing handler
> adapter [
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter at c4bc6d]
> ##############################
>
> I have searched the earlier CAS mailing list archives; some people had the
> same problem as me, but only a few users posted the correct answer, and some
> situations do not apply to me.
>
> And this is my LDAP client information.
>
> ####################
> Expanding base 'CN=Users,DC=OPDEVNET'...
> Result <0>: (null)
> Matched DNs:
> Getting 1 entries:
> >> Dn: CN=Users,DC=OPDEVNET
>     2> objectClass: top; container;
>     1> cn: Users;
>     1> description: Default container for upgraded user accounts;
>     1> distinguishedName: CN=Users,DC=OPDEVNET;
>     1> instanceType: 0x4 = ( IT_WRITE );
>     1> whenCreated: 11/7/2006 18:14:50 China Standard Time China Standard
> Time;
>     1> whenChanged: 11/7/2006 18:14:50 China Standard Time China Standard
> Time;
>     1> uSNCreated: 4304;
>     1> uSNChanged: 4304;
>     1> showInAdvancedViewOnly: FALSE;
>     1> name: Users;
>     1> objectGUID: 9105dc75-62e4-472e-a41f-acee515a0933;
>     1> systemFlags: 0x8C000000 = ( FLAG_DISALLOW_DELETE |
> FLAG_DOMAIN_DISALLOW_RENAME | FLAG_DOMAIN_DISALLOW_MOVE );
>     1> objectCategory:
> CN=Container,CN=Schema,CN=Configuration,DC=OPDEVNET;
>     1> isCriticalSystemObject: TRUE;
>
> ###################
>
> 1. Do I need an LDAP server's certificate in the JVM?
> 2. What's the problem with my configuration file?
> 3. I have viewed the thread:
> http://forum.java.sun.com/thread.jspa?messageID=4227692 but I don't know
> what's wrong with the configuration in CAS.
>
>
> thank you in advance.
>
> oldman
> 2/6/2007
>
>  Hi:
>     Can you help me solve the problem? Thank you very much. I am new to
> CAS.
>
>
> oldman
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
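Added example, not part of the original thread and not CAS code: a small Python triage of the Active Directory bind failure in the trace quoted above. It decodes the hexadecimal `data` sub-code of LDAP error 49 and checks for the `getReadOnlyContext` frame from that trace to tell whether the failing bind was the one made with the `contextSource` credentials; the name `triage` and the second sample line are constructed for illustration.

```python
import re

# Sub-codes Active Directory puts in the "data NNN" field of an LDAP
# error 49 (invalidCredentials) bind failure; the values are hexadecimal.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR49 = re.compile(
    r"LDAP: error code 49 - \w+: LdapErr: (DSID-\w+), comment: "
    r"AcceptSecurityContext error, data (\w+)")

# In the trace on this page the context is created by the context source
# itself, i.e. with its configured userName/password, before any search.
SERVICE_BIND_FRAME = "AbstractContextSource.getReadOnlyContext"

def triage(trace):
    """Return (dsid, sub-code, meaning, failing bind), or None if no match."""
    flat = " ".join(trace.split())  # undo mail and log line wrapping
    m = ERR49.search(flat)
    if m is None:
        return None
    dsid, code = m.group(1), m.group(2).lower()
    meaning = AD_BIND_SUBCODES.get(code, "unknown sub-code")
    who = ("contextSource credentials" if SERVICE_BIND_FRAME in flat
           else "undetermined")
    return dsid, code, meaning, who

# Excerpt of the trace quoted above (quote markers removed, frames trimmed).
PAGE_TRACE = """javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
    at org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(
AbstractContextSource.java:104)
    at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
"""

# Constructed line for comparison: different sub-code, no stack frames.
CONSTRUCTED = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, "
               "comment: AcceptSecurityContext error, data 52e, vece ]")

print(triage(PAGE_TRACE), triage(CONSTRUCTED), sep="\n")
```

Sub-codes such as 530, 533, 701 and 775 describe account policy or state rather than a wrong name or password, so a log pipeline can route them differently from 525 and 52e.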