what's wrong with LDAP search-and-bind authentication! help!
gmail
jali0681 at gmail.com
Wed Feb 7 10:57:02 EST 2007
hi scott:
I can log in to "OPDEVNET" with the Windows LDP client (ldp.exe) with username:
administrator, password: mypassword, so it is not this problem. And the
users in the domain: I only created one user, e.g. username: jahia
password: jahia. I tried to create an OU: onepoint and a group: testjahia,
then I added the user (jahia) to the group (testjahia), which belongs to the
organizational unit (onepoint).
Then I tried to connect to LDAP with:
1. <property name="searchBase" value="cn=users,dc=OPDEVNET" />
2. <property name="searchBase" value="ou=onepoint,dc=OPDEVNET" />
3. <property name="searchBase" value="cn=testjahia, ou=onepoint,dc=OPDEVNET" />
.....
None of the cases work!
Help me! Thanks
oldman
2/7/2007
Scott Battaglia wrote:
> It's most likely something with your directory server based on what
> that forum says. Have you tried other usernames? Checked into the
> username you are trying to authenticate, etc.?
>
> On 2/7/07, *gmail* <jali0681 at gmail.com> wrote:
>
> Old Man:
>> hi:
>>
>> I configured the deployerConfigContext.xml file according to the guide:
>> http://www.ja-sig.org/products/cas/server/ldapauthhandler/index.html
>> but I get the screen below when I log in on the server.
>>
>> -------------------------------------
>>
>>
>> CAS is Unavailable
>>
>> A general exception occurred while trying to access CAS. Please
>> notify your system administrator.
>>
>> ----------------------------------------
>>
>> I use the Windows LDAP client to connect to AD, and it works.
>> I use cas-server 3.0.6 and Tomcat 5.5.17 in Jahia, and my JDK is 1.5.0.6.
>> Below is the configuration in the deployerConfigContext.xml file:
>>
>> --------------------------------
>> <beans>
>>   <bean id="authenticationManager"
>>         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>>     <property name="credentialsToPrincipalResolvers">
>>       <list>
>>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>>         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>>       </list>
>>     </property>
>>     <property name="authenticationHandlers">
>>       <list>
>>         <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
>>         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>>           <property name="filter" value="uid=%u" />
>>           <property name="searchBase" value="cn=users,dc=OPDEVNET" />
>>           <property name="contextSource" ref="contextSource" />
>>         </bean>
>>       </list>
>>     </property>
>>   </bean>
>>
>>   <bean id="contextSource"
>>         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>>     <property name="userName" value="administrator" /> <!-- this is the user logging in to the AD server -->
>>     <property name="password" value="mypassword" /> <!-- password -->
>>     <property name="urls">
>>       <list>
>>         <value>ldap://onepoint-winser:389/</value> <!-- AD server -->
>>       </list>
>>     </property>
>>     <property name="baseEnvironmentProperties">
>>       <map>
>>         <entry>
>>           <key><value>java.naming.security.authentication</value></key>
>>           <value>simple</value>
>>         </entry>
>>       </map>
>>     </property>
>>   </bean>
>> </beans>
>>
>> ----------------------------
>>
>> these are the errors :
>>
>> #######################################
>> 2007-02-06 19:27:08,328 DEBUG
>> [org.springframework.web.context.support.XmlWebApplicationContext]
>> - Publishing event in context [WebApplicationContext for
>> namespace 'cas-servlet']: ServletRequestHandledEvent:
>> url=[/cas/login]; client=[127.0.0.1];
>> method=[POST]; servlet=[cas];
>> session=[D7EDB30B1CD13924918BA779F9B2EC94]; user=[null];
>> time=[203ms]; status=[failed:
>> org.springframework.webflow.engine.ActionExecutionException:
>> Exception thrown executing [AnnotatedAction@c44deb targetAction
>> = org.jasig.cas.web.flow.AuthenticationViaFormAction@1b4b88d,
>> attributes = map['method' -> 'submit']] in state 'submit' of flow
>> 'login-webflow' -- action execution attributes were 'map['method'
>> -> 'submit']'; nested exception is
>> org.springframework.ldap.UncategorizedLdapException: Operation
>> failed; nested exception is javax.naming.AuthenticationException:
>> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
>> AcceptSecurityContext error, data 525, vece ]]
>> 2007-02-06 19:27:08,328 DEBUG
>> [org.springframework.web.context.support.XmlWebApplicationContext]
>> - Publishing event in context [Root WebApplicationContext]:
>> ServletRequestHandledEvent: url=[/cas/login]; client=[127.0.0.1];
>> method=[POST]; servlet=[cas];
>> session=[D7EDB30B1CD13924918BA779F9B2EC94]; user=[null];
>> time=[203ms]; status=[failed:
>> org.springframework.webflow.engine.ActionExecutionException:
>> Exception thrown executing [AnnotatedAction@c44deb targetAction
>> = org.jasig.cas.web.flow.AuthenticationViaFormAction@1b4b88d,
>> attributes = map['method' -> 'submit']] in state 'submit' of flow
>> 'login-webflow' -- action execution attributes were 'map['method'
>> -> 'submit']'; nested exception is
>> org.springframework.ldap.UncategorizedLdapException: Operation
>> failed; nested exception is javax.naming.AuthenticationException:
>> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
>> AcceptSecurityContext error, data 525, vece ]]
>> 2007-02-06 19:27:08,328 ERROR
>> [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]]
>> - Servlet.service() for servlet cas threw exception
>> javax.naming.AuthenticationException: [LDAP: error code 49 -
>> 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
>> error, data 525, vece ]
>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>> at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>> at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>> at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
>> at javax.naming.InitialContext.init(InitialContext.java:223)
>> at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
>> at org.springframework.ldap.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:59)
>> at org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:193)
>> at org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
>> at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
>> at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
>> at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
>> at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler.java:58)
>> at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:79)
>> at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:282)
>> at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:116)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:585)
>> at org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:105)
>> at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
>> at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
>> at org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
>> at org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
>> at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
>> at org.springframework.webflow.engine.State.enter(State.java:200)
>> at org.springframework.webflow.engine.Transition.execute(Transition.java:218)
>> at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
>> at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>> at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
>> at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
>> at org.springframework.webflow.engine.State.enter(State.java:200)
>> at org.springframework.webflow.engine.Transition.execute(Transition.java:218)
>> at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
>> at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>> at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
>> at org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:211)
>> at org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:227)
>> at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
>> at org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:170)
>> at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>> at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:45)
>> at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:820)
>> at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:755)
>> at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:396)
>> at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:360)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>> at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
>> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
>> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
>> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
>> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>> at java.lang.Thread.run(Thread.java:595)
>> 2007-02-06 19:27:08,562 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Testing handler map [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping@1f02b4b] in DispatcherServlet with name 'cas'
>> 2007-02-06 19:27:08,578 DEBUG [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - Looking up handler for [/login]
>> 2007-02-06 19:27:08,578 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Testing handler adapter [org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter@aa4bf8]
>> 2007-02-06 19:27:08,578 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Testing handler adapter [org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter@c4bc6d]
>> 2007-02-06 19:27:08,578 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Last-Modified value for [/cas/login] is [-1]
>> 2007-02-06 19:27:08,578 DEBUG [org.springframework.web.servlet.DispatcherServlet] - DispatcherServlet with name 'cas' received request for [/cas/login]
>> 2007-02-06 19:27:08,578 DEBUG [org.springframework.core.CollectionFactory] - Creating [java.util.LinkedHashMap]
>> 2007-02-06 19:27:08,578 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Bound request context to thread: org.apache.catalina.connector.RequestFacade@764091
>> 2007-02-06 19:27:08,578 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Testing handler adapter [org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter@aa4bf8]
>> 2007-02-06 19:27:08,578 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Testing handler adapter [org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter@c4bc6d]
>> ##############################
>>
>> I have searched the earlier CAS mailing list; there are some problems the
>> same as mine, but few users posted the correct answer, and
>> some situations do not apply to me.
>>
>> And this is my LDAP client information.
>>
>> ####################
>> Expanding base 'CN=Users,DC=OPDEVNET'...
>> Result <0>: (null)
>> Matched DNs:
>> Getting 1 entries:
>> >> Dn: CN=Users,DC=OPDEVNET
>> 2> objectClass: top; container;
>> 1> cn: Users;
>> 1> description: Default container for upgraded user accounts;
>> 1> distinguishedName: CN=Users,DC=OPDEVNET;
>> 1> instanceType: 0x4 = ( IT_WRITE );
>> 1> whenCreated: 11/7/2006 18:14:50 China Standard Time China Standard Time;
>> 1> whenChanged: 11/7/2006 18:14:50 China Standard Time China Standard Time;
>> 1> uSNCreated: 4304;
>> 1> uSNChanged: 4304;
>> 1> showInAdvancedViewOnly: FALSE;
>> 1> name: Users;
>> 1> objectGUID: 9105dc75-62e4-472e-a41f-acee515a0933;
>> 1> systemFlags: 0x8C000000 = ( FLAG_DISALLOW_DELETE | FLAG_DOMAIN_DISALLOW_RENAME | FLAG_DOMAIN_DISALLOW_MOVE );
>> 1> objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=OPDEVNET;
>> 1> isCriticalSystemObject: TRUE;
>>
>> ###################
>>
>> 1. Do I need an LDAP server's certificate for the JVM?
>> 2. What's the problem with my configuration file?
>> 3. I have viewed the thread:
>> http://forum.java.sun.com/thread.jspa?messageID=4227692 but I
>> don't know what's wrong with the configuration in CAS.
>>
>>
>> thank you in advance.
>>
>> oldman
>> 2/6/2007
>>
> hi:
> Can you help me to solve the problem? Thank you very much. I am
> new to CAS.
>
>
> oldman
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
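
Added example (not part of the original thread or of CAS): Active Directory reports the reason for an LDAP result code 49 as a hex sub-code after `data` (525 in the trace quoted in this thread), and in search-and-bind the stack frames show which bind failed. This Python sketch decodes the sub-code and looks for the `getReadOnlyContext` frame seen in that trace; the function name `triage` and the frame heuristic are assumptions of the example.

```python
import re

# Active Directory reports the reason for LDAP result code 49 as a hex
# Win32 error code after "data" in the diagnostic message.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ERR_RE = re.compile(r"LDAP: error code (\d+)\b.*?\bdata\s+([0-9a-fA-F]+)", re.S)

# Assumption of this example, based on the frames in the thread's trace: a
# failure under getReadOnlyContext happens while opening the context used for
# the search, i.e. the bind made with the contextSource account.
SERVICE_BIND_FRAME = "AbstractContextSource.getReadOnlyContext"


def triage(log_text):
    """Return (ldap_code, ad_subcode, meaning, failing_bind), or None."""
    m = ERR_RE.search(log_text)
    if m is None:
        return None
    sub = m.group(2).lower()
    meaning = AD_SUBCODES.get(sub, "unknown sub-code")
    # Mail and log viewers wrap long frames, so match with whitespace removed.
    flat = re.sub(r"\s+", "", log_text)
    stage = "service-account bind" if SERVICE_BIND_FRAME in flat else "undetermined"
    return int(m.group(1)), sub, meaning, stage


# Sample: the error and three frames from the thread's trace, wrapped the way
# a mail client would wrap them.
SAMPLE = """javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece ]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
at
org.springframework.ldap.support.AbstractContextSource.getReadOnly
Context(AbstractContextSource.java:104)
at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the thread's trace this reports sub-code 525 (user not found) on the service-account bind, which points at how the `userName` of the `contextSource` bean is written rather than at the password typed into the login form.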