what's wrong with LDAP search-and-bind authentication! help!
gmail
jali0681 at gmail.com
Wed Feb 7 11:34:44 EST 2007
Thanks, I will try to find a solution.
Thank you very much.
old man
Scott Battaglia wrote:
> I'm not familiar with how Active Directory needs to be configured when
> accessed through the Java LDAP libraries nor do I run an Active
> Directory server to try it out. You will need to do a search for your
> exception and see what they recommend unless someone here has any
> experience with that exception (which I don't think anyone does).
>
> That forum posting you looked at before looked like a good match.
>
> -Scott
>
> On 2/7/07, *gmail* <jali0681 at gmail.com> wrote:
>
> Hi Scott:
> I can log in to "OPDEVNET" with the Windows LDP client (ldp.exe) with
> username: administrator, password: mypassword, so it is not this
> problem. As for the users in the domain, I only created one user, e.g.
> username: jahia, password: jahia. I tried to create an OU: onepoint
> and a group: testjahia, then I added the user (jahia) to the
> group (testjahia), which belongs to the organizational unit (onepoint).
>
> Then I tried to connect to LDAP with:
> 1. <property name="searchBase" value="cn=users,dc=OPDEVNET" />
> 2. <property name="searchBase" value="ou=onepoint,dc=OPDEVNET" />
> 3. <property name="searchBase" value="cn=testjahia,
> ou=onepoint,dc=OPDEVNET" />
> .....
> None of these cases work!
>
> Help me! Thanks
> oldman
> 2/7/2007
>
>
>
> Scott Battaglia wrote:
>> It's most likely something with your directory server based on
>> what that forum says. Have you tried other usernames? Checked
>> into the username you are trying to authenticate, etc.?
>>
>> On 2/7/07, *gmail* <jali0681 at gmail.com> wrote:
>>
>> Old Man:
>>> Hi:
>>>
>>> I configured the deployerConfigContext.xml file according to the guide:
>>> http://www.ja-sig.org/products/cas/server/ldapauthhandler/index.html
>>> but I get the screen below when I log in on the server.
>>>
>>> -------------------------------------
>>>
>>>
>>> CAS is Unavailable
>>>
>>> A general exception occurred while trying to access CAS.
>>> Please notify your system administrator.
>>>
>>> ----------------------------------------
>>>
>>> I used the Windows LDAP client to connect to AD, and it works.
>>> I use cas-server 3.0.6 and Tomcat 5.5.17 in Jahia, and my
>>> JDK is 1.5.0.6.
>>> Below is the configuration in the deployerConfigContext.xml file:
>>>
>>> --------------------------------
>>> <beans>
>>>
>>>   <bean id="authenticationManager"
>>>         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>>>
>>>     <property name="credentialsToPrincipalResolvers">
>>>       <list>
>>>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>>>         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>>>       </list>
>>>     </property>
>>>
>>>     <property name="authenticationHandlers">
>>>       <list>
>>>         <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
>>>
>>>         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>>>           <property name="filter" value="uid=%u" />
>>>           <property name="searchBase" value="cn=users,dc=OPDEVNET" />
>>>           <property name="contextSource" ref="contextSource" />
>>>         </bean>
>>>       </list>
>>>     </property>
>>>   </bean>
>>>
>>>   <bean id="contextSource"
>>>         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>>>     <property name="userName" value="administrator" /> <!-- this is the user logging in to the AD server -->
>>>     <property name="password" value="mypassword" /> <!-- password -->
>>>     <property name="urls">
>>>       <list>
>>>         <value>ldap://onepoint-winser:389/</value> <!-- AD server -->
>>>       </list>
>>>     </property>
>>>     <property name="baseEnvironmentProperties">
>>>       <map>
>>>         <entry>
>>>           <key><value>java.naming.security.authentication</value></key>
>>>           <value>simple</value>
>>>         </entry>
>>>       </map>
>>>     </property>
>>>   </bean>
>>> </beans>
>>>
>>> ----------------------------
>>>
>>> These are the errors:
>>>
>>> #######################################
>>> 2007-02-06 19:27:08,328 DEBUG
>>> [org.springframework.web.context.support.XmlWebApplicationContext]
>>> - Publishing event in context [WebApplicationContext for
>>> namespace 'cas-servlet']: ServletRequestHandledEvent:
>>> url=[/cas/login]; client=[127.0.0.1];
>>> method=[POST]; servlet=[cas];
>>> session=[D7EDB30B1CD13924918BA779F9B2EC94]; user=[null];
>>> time=[203ms]; status=[failed:
>>> org.springframework.webflow.engine.ActionExecutionException:
>>> Exception thrown executing [ AnnotatedAction at c44deb
>>> targetAction =
>>> org.jasig.cas.web.flow.AuthenticationViaFormAction at 1b4b88d,
>>> attributes = map['method' -> 'submit']] in state 'submit' of
>>> flow 'login-webflow' -- action execution attributes were
>>> 'map['method' -> 'submit']'; nested exception is
>>> org.springframework.ldap.UncategorizedLdapException:
>>> Operation failed; nested exception is
>>> javax.naming.AuthenticationException: [LDAP: error code 49 -
>>> 80090308: LdapErr: DSID-0C090334, comment:
>>> AcceptSecurityContext error, data 525, vece ]]
>>> 2007-02-06 19:27:08,328 DEBUG
>>> [org.springframework.web.context.support.XmlWebApplicationContext]
>>> - Publishing event in context [Root WebApplicationContext]:
>>> ServletRequestHandledEvent: url=[/cas/login]; client=[
>>> 127.0.0.1]; method=[POST]; servlet=[cas];
>>> session=[D7EDB30B1CD13924918BA779F9B2EC94]; user=[null];
>>> time=[203ms]; status=[failed:
>>> org.springframework.webflow.engine.ActionExecutionException:
>>> Exception thrown executing [ AnnotatedAction at c44deb
>>> targetAction =
>>> org.jasig.cas.web.flow.AuthenticationViaFormAction at 1b4b88d,
>>> attributes = map['method' -> 'submit']] in state 'submit' of
>>> flow 'login-webflow' -- action execution attributes were
>>> 'map['method' -> 'submit']'; nested exception is
>>> org.springframework.ldap.UncategorizedLdapException:
>>> Operation failed; nested exception is
>>> javax.naming.AuthenticationException: [LDAP: error code 49 -
>>> 80090308: LdapErr: DSID-0C090334, comment:
>>> AcceptSecurityContext error, data 525, vece ]]
>>> 2007-02-06 19:27:08,328 ERROR
>>> [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]]
>>> - Servlet.service() for servlet cas threw exception
>>> javax.naming.AuthenticationException: [LDAP: error code 49 -
>>> 80090308: LdapErr: DSID-0C090334, comment:
>>> AcceptSecurityContext error, data 525, vece ]
>>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
>>> at
>>> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
>>> at
>>> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
>>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
>>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
>>> at
>>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs
>>> (LdapCtxFactory.java:193)
>>> at
>>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>>> at
>>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>>> at javax.naming.spi.NamingManager.getInitialContext
>>> (NamingManager.java:667)
>>> at
>>> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
>>> at javax.naming.InitialContext.init(InitialContext.java:223)
>>> at javax.naming.ldap.InitialLdapContext.<init>(
>>> InitialLdapContext.java:134)
>>> at
>>> org.springframework.ldap.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:59)
>>> at
>>> org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java
>>> :193)
>>> at
>>> org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
>>> at
>>> org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
>>> at org.springframework.ldap.LdapTemplate.search
>>> (LdapTemplate.java:314)
>>> at
>>> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
>>> at
>>> org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate
>>> (AbstractUsernamePasswordAuthenticationHandler.java:58)
>>> at
>>> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:79)
>>> at
>>> org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket
>>> (CentralAuthenticationServiceImpl.java:282)
>>> at
>>> org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:116)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>> at java.lang.reflect.Method.invoke (Method.java:585)
>>> at
>>> org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:105)
>>> at
>>> org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
>>> at
>>> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
>>> at
>>> org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
>>> at org.springframework.webflow.engine.ActionExecutor.execute
>>> (ActionExecutor.java:61)
>>> at
>>> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
>>> at
>>> org.springframework.webflow.engine.State.enter(State.java:200)
>>> at org.springframework.webflow.engine.Transition.execute
>>> (Transition.java:218)
>>> at
>>> org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
>>> at
>>> org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>>> at
>>> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent
>>> (RequestControlContextImpl.java:207)
>>> at
>>> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
>>> at
>>> org.springframework.webflow.engine.State.enter(State.java:200)
>>> at org.springframework.webflow.engine.Transition.execute
>>> (Transition.java:218)
>>> at
>>> org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
>>> at
>>> org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>>> at
>>> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent
>>> (RequestControlContextImpl.java:207)
>>> at
>>> org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:211)
>>> at
>>> org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java
>>> :227)
>>> at
>>> org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
>>> at
>>> org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java
>>> :170)
>>> at
>>> org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>>> at
>>> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java
>>> :45)
>>> at
>>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:820)
>>> at
>>> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:755)
>>> at
>>> org.springframework.web.servlet.FrameworkServlet.processRequest
>>> (FrameworkServlet.java:396)
>>> at
>>> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:360)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>>> at javax.servlet.http.HttpServlet.service (HttpServlet.java:802)
>>> at
>>> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
>>>
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>>> at
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>>> at org.apache.catalina.core.StandardContextValve.invoke
>>> (StandardContextValve.java:178)
>>> at
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>>> at
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>>> at org.apache.catalina.core.StandardEngineValve.invoke
>>> (StandardEngineValve.java:107)
>>> at
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>>> at
>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
>>> at
>>> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection
>>> (Http11BaseProtocol.java:664)
>>> at
>>> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
>>> at
>>> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java
>>> :80)
>>> at
>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>>> at java.lang.Thread.run(Thread.java:595)
>>> 2007-02-06 19:27:08,562 DEBUG
>>> [org.springframework.web.servlet.DispatcherServlet ] -
>>> Testing handler map
>>> [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping at 1f02b4b]
>>> in DispatcherServlet with name 'cas'
>>> 2007-02-06 19:27:08,578 DEBUG
>>> [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping
>>> ] - Looking up handler for [/login]
>>> 2007-02-06 19:27:08,578 DEBUG
>>> [org.springframework.web.servlet.DispatcherServlet] -
>>> Testing handler adapter
>>> [org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter at aa4bf8]
>>> 2007-02-06 19:27:08,578 DEBUG
>>> [org.springframework.web.servlet.DispatcherServlet] -
>>> Testing handler adapter
>>> [org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter at c4bc6d]
>>> 2007-02-06 19:27:08,578 DEBUG
>>> [org.springframework.web.servlet.DispatcherServlet ] -
>>> Last-Modified value for [/cas/login] is [-1]
>>> 2007-02-06 19:27:08,578 DEBUG
>>> [org.springframework.web.servlet.DispatcherServlet] -
>>> DispatcherServlet with name 'cas' received request for
>>> [/cas/login]
>>> 2007-02-06 19:27:08,578 DEBUG [
>>> org.springframework.core.CollectionFactory] - Creating
>>> [java.util.LinkedHashMap]
>>> 2007-02-06 19:27:08,578 DEBUG
>>> [org.springframework.web.servlet.DispatcherServlet] - Bound
>>> request context to thread:
>>> org.apache.catalina.connector.RequestFacade at 764091
>>> 2007-02-06 19:27:08,578 DEBUG
>>> [org.springframework.web.servlet.DispatcherServlet] -
>>> Testing handler adapter
>>> [org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter at aa4bf8]
>>> 2007-02-06 19:27:08,578 DEBUG
>>> [org.springframework.web.servlet.DispatcherServlet ] -
>>> Testing handler adapter
>>> [org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter at c4bc6d]
>>> ##############################
>>>
>>> I have searched the earlier CAS mailing list posts; some people had
>>> the same problem as me, but few users pasted the correct
>>> answer, and some situations do not apply to me.
>>>
>>> And this is my LDAP client information.
>>>
>>> ####################
>>> Expanding base 'CN=Users,DC=OPDEVNET'...
>>> Result <0>: (null)
>>> Matched DNs:
>>> Getting 1 entries:
>>> >> Dn: CN=Users,DC=OPDEVNET
>>> 2> objectClass: top; container;
>>> 1> cn: Users;
>>> 1> description: Default container for upgraded user accounts;
>>> 1> distinguishedName: CN=Users,DC=OPDEVNET;
>>> 1> instanceType: 0x4 = ( IT_WRITE );
>>> 1> whenCreated: 11/7/2006 18:14:50 China Standard Time China
>>> Standard Time;
>>> 1> whenChanged: 11/7/2006 18:14:50 China Standard Time China
>>> Standard Time;
>>> 1> uSNCreated: 4304;
>>> 1> uSNChanged: 4304;
>>> 1> showInAdvancedViewOnly: FALSE;
>>> 1> name: Users;
>>> 1> objectGUID: 9105dc75-62e4-472e-a41f-acee515a0933;
>>> 1> systemFlags: 0x8C000000 = ( FLAG_DISALLOW_DELETE |
>>> FLAG_DOMAIN_DISALLOW_RENAME | FLAG_DOMAIN_DISALLOW_MOVE );
>>> 1> objectCategory:
>>> CN=Container,CN=Schema,CN=Configuration,DC=OPDEVNET;
>>> 1> isCriticalSystemObject: TRUE;
>>>
>>> ###################
>>>
>>> 1. Do I need an LDAP server certificate in the JVM?
>>> 2. What's the problem with my configuration file?
>>> 3. I have viewed the thread:
>>> http://forum.java.sun.com/thread.jspa?messageID=4227692
>>> but I don't know what's wrong with the configuration in CAS.
>>>
>>>
>>> Thank you in advance.
>>>
>>> oldman
>>> 2/6/2007
>>>
>> Hi:
>> Can you help me to solve the problem? Thank you very much. I
>> am new to CAS.
>>
>>
>> oldman
>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>>
>
>
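
Added example (not part of the original thread and not CAS code): a small Python triage helper for the failure quoted above. It pulls the Active Directory sub-code out of the `data` field of an LDAP error 49 and uses the stack frames to tell whether the failing bind was the one made with the `contextSource` credentials. The sub-code table is the commonly documented Win32 mapping, reading `getReadOnlyContext` as the service-account bind is an assumption about Spring LDAP, and `SAMPLE` is trimmed and unwrapped from the log in the message.

```python
import re

# AD reports a Win32 error code (hex) in the "data" field of the
# diagnostic message that accompanies LDAP result 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR49 = re.compile(r"LDAP: error code 49\b.*?\bdata\s+([0-9a-fA-F]+)", re.S)
FRAME = re.compile(r"\bat\s+([\w.$]+)\(")


def bind_phase(trace):
    """Say which bind failed, judging by the frames under the exception."""
    for frame in FRAME.findall(trace):
        # Assumption: this call opens the search context with the
        # userName/password configured on the contextSource bean.
        if frame.endswith("AbstractContextSource.getReadOnlyContext"):
            return "service-account bind (contextSource userName/password)"
    return "undetermined"


def triage(log_text):
    """Return the decoded bind failure, or None if no error 49 is present."""
    match = ERR49.search(log_text)
    if match is None:
        return None
    code = match.group(1).lower()
    return {
        "subcode": code,
        "win32": int(code, 16),
        "meaning": AD_BIND_SUBCODES.get(code, "unrecognised sub-code"),
        "phase": bind_phase(log_text),
    }


# Trimmed and unwrapped from the log quoted in the message above.
SAMPLE = """\
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
    at org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
    at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
    at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the quoted trace this reports sub-code 525 during the search-context bind, which points at how the `userName` value on `contextSource` is written rather than at `searchBase` or the end user's password.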