what's wrong with LDAP search-and-bind authentication! help!

Old Man jali0681 at gmail.com
Wed Feb 7 10:22:42 EST 2007


Hi,
     Thank you, Scott Battaglia.

     I have been tired of this problem for a few days.
     I only created one user under the entry (cn=users,dc=OPDEVNET), and I
use "administrator" (username) and "mypassword" (password) to log in to
"OPDEVNET" (domain). That is all. It is very simple. I have also tried other
ways, e.g. changing uid to cn, and changing "cn=users,dc=OPDEVNET" to
"adminstrator at OPDEVNET". I even tried every CAS version with different
spring temple or ldap jar, but nothing seems to work!

   Thank you very much!

  old man
  2/7/2007






On 2/7/07, Scott Battaglia <scott.battaglia at gmail.com> wrote:
>
> It's most likely something with your directory server based on what that
> forum says.  Have you tried other usernames?  Checked into the username you
> are trying to authenticate, etc.?
>
> On 2/7/07, gmail <jali0681 at gmail.com> wrote:
>
> >  Old Man:
> >
> > Hi,
> >
> >    I configured the deployerConfigContext.xml file according to the guide:
> >    http://www.ja-sig.org/products/cas/server/ldapauthhandler/index.html
> >    But I get the screen below when I log in on the server.
> >
> >    -------------------------------------
> >  CAS is Unavailable
> >
> > A general exception occurred while trying to access CAS. Please notify
> > your system administrator.
> > ----------------------------------------
> >
> > I use the Windows LDAP client to connect to AD, and it works.
> > I use cas-server 3.0.6 and Tomcat 5.5.17 in Jahia, and my JDK is 1.5.0.6.
> > Below is the configuration in the deployerConfigContext.xml file:
> >
> > --------------------------------
> > <beans>
> >
> >     <bean id="authenticationManager"
> >         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
> >
> >         <property name="credentialsToPrincipalResolvers">
> >             <list>
> >                 <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
> >                 <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
> >             </list>
> >         </property>
> >
> >         <property name="authenticationHandlers">
> >             <list>
> >                 <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
> >
> >                 <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
> >                     <property name="filter" value="uid=%u" />
> >                     <property name="searchBase" value="cn=users,dc=OPDEVNET" />
> >                     <property name="contextSource" ref="contextSource" />
> >                 </bean>
> >             </list>
> >         </property>
> >     </bean>
> >
> >     <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> >         <property name="userName" value="administrator" />  <!-- this is the user logging in to the AD server -->
> >         <property name="password" value="mypassword" />  <!-- password -->
> >         <property name="urls">
> >             <list>
> >                 <value>ldap://onepoint-winser:389/</value>  <!-- AD server -->
> >             </list>
> >         </property>
> >         <property name="baseEnvironmentProperties">
> >             <map>
> >                 <entry>
> >                     <key><value>java.naming.security.authentication</value></key>
> >                     <value>simple</value>
> >                 </entry>
> >             </map>
> >         </property>
> >     </bean>
> > </beans>
> >
> > ----------------------------
> >
> > These are the errors:
> >
> > #######################################
> > 2007-02-06 19:27:08,328 DEBUG [
> > org.springframework.web.context.support.XmlWebApplicationContext] -
> > Publishing event in context [WebApplicationContext for namespace
> > 'cas-servlet']: ServletRequestHandledEvent: url=[/cas/login]; client=[
> > 127.0.0.1]; method=[POST]; servlet=[cas];
> > session=[D7EDB30B1CD13924918BA779F9B2EC94]; user=[null]; time=[203ms];
> > status=[failed:
> > org.springframework.webflow.engine.ActionExecutionException: Exception
> > thrown executing [ AnnotatedAction at c44deb targetAction =
> > org.jasig.cas.web.flow.AuthenticationViaFormAction at 1b4b88d, attributes =
> > map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' --
> > action execution attributes were 'map['method' -> 'submit']'; nested
> > exception is org.springframework.ldap.UncategorizedLdapException:
> > Operation failed; nested exception is
> > javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> > LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
> > ]]
> > 2007-02-06 19:27:08,328 DEBUG [
> > org.springframework.web.context.support.XmlWebApplicationContext] -
> > Publishing event in context [Root WebApplicationContext]:
> > ServletRequestHandledEvent: url=[/cas/login]; client=[ 127.0.0.1];
> > method=[POST]; servlet=[cas]; session=[D7EDB30B1CD13924918BA779F9B2EC94];
> > user=[null]; time=[203ms]; status=[failed:
> > org.springframework.webflow.engine.ActionExecutionException: Exception
> > thrown executing [ AnnotatedAction at c44deb targetAction =
> > org.jasig.cas.web.flow.AuthenticationViaFormAction at 1b4b88d, attributes =
> > map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' --
> > action execution attributes were 'map['method' -> 'submit']'; nested
> > exception is org.springframework.ldap.UncategorizedLdapException:
> > Operation failed; nested exception is
> > javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> > LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
> > ]]
> > 2007-02-06 19:27:08,328 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]]
> > - Servlet.service() for servlet cas threw exception
> > javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> > LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
> > ]
> >     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
> >     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
> >     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
> >     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
> >     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
> >     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java
> > :175)
> >     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs (
> > LdapCtxFactory.java:193)
> >     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(
> > LdapCtxFactory.java:136)
> >     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(
> > LdapCtxFactory.java:66)
> >     at javax.naming.spi.NamingManager.getInitialContext (
> > NamingManager.java:667)
> >     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java
> > :247)
> >     at javax.naming.InitialContext.init(InitialContext.java:223)
> >     at javax.naming.ldap.InitialLdapContext.<init>(
> > InitialLdapContext.java:134)
> >     at
> > org.springframework.ldap.support.LdapContextSource.getDirContextInstance
> > (LdapContextSource.java:59)
> >     at
> > org.springframework.ldap.support.AbstractContextSource.createContext(
> > AbstractContextSource.java :193)
> >     at
> > org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext
> > (AbstractContextSource.java:104)
> >     at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java
> > :263)
> >     at org.springframework.ldap.LdapTemplate.search (LdapTemplate.java
> > :314)
> >     at
> > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal
> > (BindLdapAuthenticationHandler.java:70)
> >     at
> > org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate(
> > AbstractUsernamePasswordAuthenticationHandler.java:58)
> >     at
> > org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
> > AuthenticationManagerImpl.java:79)
> >     at
> > org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(
> > CentralAuthenticationServiceImpl.java:282)
> >     at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(
> > AuthenticationViaFormAction.java:116)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke(
> > NativeMethodAccessorImpl.java:39)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> > DelegatingMethodAccessorImpl.java:25)
> >     at java.lang.reflect.Method.invoke (Method.java:585)
> >     at org.springframework.webflow.util.DispatchMethodInvoker.invoke(
> > DispatchMethodInvoker.java:105)
> >     at org.springframework.webflow.action.MultiAction.doExecute(
> > MultiAction.java:136)
> >     at org.springframework.webflow.action.AbstractAction.execute(
> > AbstractAction.java:203)
> >     at org.springframework.webflow.engine.AnnotatedAction.execute(
> > AnnotatedAction.java:142)
> >     at org.springframework.webflow.engine.ActionExecutor.execute (
> > ActionExecutor.java:61)
> >     at org.springframework.webflow.engine.ActionState.doEnter(
> > ActionState.java:180)
> >     at org.springframework.webflow.engine.State.enter(State.java:200)
> >     at org.springframework.webflow.engine.Transition.execute (
> > Transition.java:218)
> >     at org.springframework.webflow.engine.TransitionableState.onEvent(
> > TransitionableState.java:112)
> >     at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
> >     at
> > org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(
> > RequestControlContextImpl.java:207)
> >     at org.springframework.webflow.engine.ActionState.doEnter(
> > ActionState.java:185)
> >     at org.springframework.webflow.engine.State.enter(State.java:200)
> >     at org.springframework.webflow.engine.Transition.execute (
> > Transition.java:218)
> >     at org.springframework.webflow.engine.TransitionableState.onEvent(
> > TransitionableState.java:112)
> >     at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
> >     at
> > org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(
> > RequestControlContextImpl.java:207)
> >     at
> > org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(
> > FlowExecutionImpl.java:211)
> >     at org.springframework.webflow.executor.FlowExecutorImpl.resume(
> > FlowExecutorImpl.java :227)
> >     at
> > org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest
> > (FlowRequestHandler.java:115)
> >     at
> > org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal
> > (FlowController.java :170)
> >     at
> > org.springframework.web.servlet.mvc.AbstractController.handleRequest(
> > AbstractController.java:153)
> >     at
> > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle
> > (SimpleControllerHandlerAdapter.java :45)
> >     at org.springframework.web.servlet.DispatcherServlet.doDispatch(
> > DispatcherServlet.java:820)
> >     at org.springframework.web.servlet.DispatcherServlet.doService(
> > DispatcherServlet.java:755)
> >     at org.springframework.web.servlet.FrameworkServlet.processRequest (
> > FrameworkServlet.java:396)
> >     at org.springframework.web.servlet.FrameworkServlet.doPost(
> > FrameworkServlet.java:360)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> >     at javax.servlet.http.HttpServlet.service (HttpServlet.java:802)
> >     at org.jasig.cas.web.init.SafeDispatcherServlet.service(
> > SafeDispatcherServlet.java:115)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> > ApplicationFilterChain.java:252)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> > ApplicationFilterChain.java:173)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(
> > StandardWrapperValve.java:213)
> >     at org.apache.catalina.core.StandardContextValve.invoke (
> > StandardContextValve.java:178)
> >     at org.apache.catalina.core.StandardHostValve.invoke(
> > StandardHostValve.java:126)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(
> > ErrorReportValve.java:105)
> >     at org.apache.catalina.core.StandardEngineValve.invoke (
> > StandardEngineValve.java:107)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(
> > CoyoteAdapter.java:148)
> >     at org.apache.coyote.http11.Http11Processor.process(
> > Http11Processor.java:869)
> >     at
> > org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(
> > Http11BaseProtocol.java:664)
> >     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(
> > PoolTcpEndpoint.java:527)
> >     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(
> > LeaderFollowerWorkerThread.java :80)
> >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> > ThreadPool.java:684)
> >     at java.lang.Thread.run(Thread.java:595)
> > 2007-02-06 19:27:08,562 DEBUG [
> > org.springframework.web.servlet.DispatcherServlet ] - Testing handler
> > map [
> > org.springframework.web.servlet.handler.SimpleUrlHandlerMapping at 1f02b4b]
> > in DispatcherServlet with name 'cas'
> > 2007-02-06 19:27:08,578 DEBUG [
> > org.springframework.web.servlet.handler.SimpleUrlHandlerMapping ] -
> > Looking up handler for [/login]
> > 2007-02-06 19:27:08,578 DEBUG [
> > org.springframework.web.servlet.DispatcherServlet] - Testing handler
> > adapter [
> > org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter at aa4bf8]
> > 2007-02-06 19:27:08,578 DEBUG [
> > org.springframework.web.servlet.DispatcherServlet] - Testing handler
> > adapter [
> > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter at c4bc6d
> > ]
> > 2007-02-06 19:27:08,578 DEBUG [
> > org.springframework.web.servlet.DispatcherServlet ] - Last-Modified
> > value for [/cas/login] is [-1]
> > 2007-02-06 19:27:08,578 DEBUG [
> > org.springframework.web.servlet.DispatcherServlet] - DispatcherServlet
> > with name 'cas' received request for [/cas/login]
> > 2007-02-06 19:27:08,578 DEBUG [
> > org.springframework.core.CollectionFactory] - Creating [
> > java.util.LinkedHashMap]
> > 2007-02-06 19:27:08,578 DEBUG [
> > org.springframework.web.servlet.DispatcherServlet] - Bound request
> > context to thread: org.apache.catalina.connector.RequestFacade at 764091
> > 2007-02-06 19:27:08,578 DEBUG [
> > org.springframework.web.servlet.DispatcherServlet] - Testing handler
> > adapter [
> > org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter at aa4bf8]
> > 2007-02-06 19:27:08,578 DEBUG [
> > org.springframework.web.servlet.DispatcherServlet ] - Testing handler
> > adapter [
> > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter at c4bc6d
> > ]
> > ##############################
> >
> > I have searched the earlier CAS mailing-list archives; there are some
> > problems the same as mine, but few users pasted the correct answer, and
> > some situations do not apply to me.
> >
> > And this is my LDAP client information.
> >
> > ####################
> > Expanding base 'CN=Users,DC=OPDEVNET'...
> > Result <0>: (null)
> > Matched DNs:
> > Getting 1 entries:
> > >> Dn: CN=Users,DC=OPDEVNET
> >     2> objectClass: top; container;
> >     1> cn: Users;
> >     1> description: Default container for upgraded user accounts;
> >     1> distinguishedName: CN=Users,DC=OPDEVNET;
> >     1> instanceType: 0x4 = ( IT_WRITE );
> >     1> whenCreated: 11/7/2006 18:14:50 China Standard Time China
> > Standard Time;
> >     1> whenChanged: 11/7/2006 18:14:50 China Standard Time China
> > Standard Time;
> >     1> uSNCreated: 4304;
> >     1> uSNChanged: 4304;
> >     1> showInAdvancedViewOnly: FALSE;
> >     1> name: Users;
> >     1> objectGUID: 9105dc75-62e4-472e-a41f-acee515a0933;
> >     1> systemFlags: 0x8C000000 = ( FLAG_DISALLOW_DELETE |
> > FLAG_DOMAIN_DISALLOW_RENAME | FLAG_DOMAIN_DISALLOW_MOVE );
> >     1> objectCategory:
> > CN=Container,CN=Schema,CN=Configuration,DC=OPDEVNET;
> >     1> isCriticalSystemObject: TRUE;
> >
> > ###################
> >
> > 1. Do I need to add the LDAP server's certificate to the JVM?
> > 2. What's the problem with my configuration file?
> > 3. I have viewed the thread: http://forum.java.sun.com/thread.jspa?messageID=4227692
> > but I don't know what's wrong with the configuration in CAS.
> >
> >
> > Thank you in advance.
> >
> > oldman
> > 2/6/2007
> >
> > Hi,
> >     Can you help me to solve the problem? Thank you very much. I am new
> > to CAS.
> >
> >
> > oldman
> >
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>


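Added example, not part of the original thread or of CAS: a small triage script for the log quoted above. It decodes the Active Directory `data` sub-code carried in the `error code 49` message and uses the stack frames to report whether the failing bind happened while opening the context for the search. The sub-code table is general AD knowledge rather than something stated in the thread, the phase rule is a heuristic, and `THREAD_LOG` is an unwrapped excerpt of the poster's log while `CONSTRUCTED_LOG` is made up for contrast.

```python
import re

# AD puts a hex Win32 error in the "data NNN" field of an LDAP result 49.
# Table is general Active Directory knowledge, not taken from the thread.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR49 = re.compile(r"LDAP:\s*error\s+code\s+49\b.*?\bdata\s+([0-9a-fA-F]+)", re.S)
FRAME = re.compile(r"^\s*at\s+([\w.$<>]+)\s*\(", re.M)

def triage(log_text):
    """Return sub-code, meaning and failing phase, or None if no error 49."""
    m = ERR49.search(log_text)
    if m is None:
        return None
    code = m.group(1).lower()
    frames = FRAME.findall(log_text)
    # Heuristic (assumption): a bind that fails underneath LdapTemplate.search
    # was made with the contextSource userName/password, before any lookup of
    # the person typing into the login form.
    if not frames:
        phase = "unknown (no stack frames)"
    elif any(f.endswith("LdapTemplate.search") for f in frames):
        phase = "search: bind with contextSource credentials"
    else:
        phase = "bind as the located user entry"
    return {"subcode": code,
            "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
            "phase": phase}

# Unwrapped excerpt of the log quoted in the thread.
THREAD_LOG = """\
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
    at org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
    at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
    at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
"""

# Constructed sample: same message shape, different sub-code, no search frame.
CONSTRUCTED_LOG = """\
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
"""

if __name__ == "__main__":
    for name, text in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(name, triage(text))
```
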