How to config LDAP Authentication?

Scott Battaglia scott.battaglia at gmail.com
Sat Jan 20 17:15:46 EST 2007


I don't believe an ldaps connection is mandatory but I would assume if you
are passing credentials to LDAP the secure connection would be better. I do
not, however, know how to configure that on the LDAP server.  If you use a
commercial certificate though, there will be no changes required for CAS (if
it's a non-commercial certificate it would need to be added to the cacerts
file).

-Scott

On 1/17/07, Jeff <wji at ryerson.ca> wrote:
>
>  Since I don't have an ldaps connection, I would like to know: if I had one, is
> a client certificate, which is issued by the ldap server, mandatory? If yes, how
> to configure it? Or simply import it into the default cacert file with keytool?
>
> Jeff
>
> "Scott Battaglia" <scott.battaglia at gmail.com> wrote in message
> news:1bbd36a10701161946p3708654bh5529cafa7ca2d91 at mail.gmail.com...
> They renamed the property on us: the property is now "anonymousReadOnly"
> (it may or may not be necessary for you though).  SSL should not be
> mandatory (but make sure you configure the ContextSource correctly).  The
> catalina.out or the cas.log should contain the exception for the "CAS is
> Unavailable Message".
>
> -Scott
>
> On 1/16/07, Jeff < wji at ryerson.ca> wrote:
> >
> >  Cool! I got a pace! thank you!
> >
> > But actually I got a new problem after I put ldapbp-1.0.jar into the lib
> > directory. It says: "...Invalid property 'authenticatedReadOnly' of bean
> > class...". However, after I removed this property from the configuration
> > file, I reached the login page successfully. But after I inputted
> > username/password, I got the following response:
> >  CAS is Unavailable
> >
> > A general exception occurred while trying to access CAS. Please notify
> > your system administrator.
> >
> > And I can't find any trace either directly from the web page or the cas.log file.
> > Since my OpenLDAP doesn't support SSL yet, and I saw the comment "This is
> > the authentication handler that authenticates services by means of callback
> > via SSL, thereby validating a server side SSL certificate." in
> > deployerConfigContext.xml, do you think an SSL-enabled LDAP server is
> > mandatory? To be clear, I list my questions from above below:
> >
> > 1. Why doesn't the "authenticatedReadOnly" property work?
> > 2. What does "CAS is Unavailable..." mean, and how can I get the detailed
> > information?
> > 3. Is the SSL connection to the LDAP server mandatory? What will happen if
> > I connect to a non-SSL LDAP server?
> >
> > Thank you a lot
> >
> > Jeff
> >
> >
> >
> > "Scott Battaglia" < scott.battaglia at gmail.com> wrote in message
> > news:1bbd36a10701161213k27e37d12wc1afbd71db6d8fc5-JsoAwUIsXosN+BqQ9rBEUg at public.gmane.org
> > ...
> > Spring LDAP 1.1.2 included a new dependency that we were unaware
> > of at the time CAS 3.0.6 was created.  You can find the library in the standard Spring LDAP
> > 1.1.2 release or download it here:
> > https://svn.sourceforge.net/svnroot/springframework/repos/repo-ext/com/sun/ldapbp/1.0/ldapbp-1.0.jar
> >
> >
> > -Scott
> >
> > On 1/16/07, JA-SIG CAS Community < wji at ryerson.ca> wrote:
> > >
> > > Hi all
> > >
> > > I installed a CAS server successfully, but when I tried to connect CAS
> > > to
> > > OpenLDAP, I got the following error message when I opened the login
> > > interface:
> > >
> > > --------------------------------------------------
> > > The Throwable encountered at context listener initialization was:
> > >
> > > org.springframework.beans.factory.BeanCreationException: Error
> > > creating bean
> > > with name 'centralAuthenticationService' defined in ServletContext
> > > resource
> > > [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean
> > > 'authenticationManager' while setting bean property
> > > 'authenticationManager';
> > > nested exception is
> > > org.springframework.beans.factory.BeanCreationException:
> > > Error creating bean with name 'authenticationManager' defined in
> > > ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot
> > > create
> > > inner bean
> > > 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#1060478'
> > > while
> > > setting bean property 'authenticationHandlers' with key [1]; nested
> > > exception is org.springframework.beans.factory.BeanCreationException:
> > > Error
> > > creating bean with name
> > > 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#1060478'
> > > defined
> > > in ServletContext resource [/WEB-INF/deployerConfigContext.xml]:
> > > Cannot
> > > resolve reference to bean 'contextSource' while setting bean property
> > > 'contextSource'; nested exception is
> > > org.springframework.beans.factory.BeanCreationException: Error
> > > creating bean
> > > with name 'contextSource' defined in ServletContext resource
> > > [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed;
> > > nested
> > > exception is java.lang.NoClassDefFoundError:
> > > com.sun.jndi.ldap.ctl.ResponseControlFactory
> > > The Throwable encountered at dispatcher servlet initialization was:
> > >
> > > org.springframework.beans.factory.BeanCreationException: Error
> > > creating bean
> > > with name 'centralAuthenticationService' defined in ServletContext
> > > resource
> > > [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean
> > > 'authenticationManager' while setting bean property
> > > 'authenticationManager';
> > > nested exception is
> > > org.springframework.beans.factory.BeanCreationException:
> > > Error creating bean with name 'authenticationManager' defined in
> > > ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot
> > > create
> > > inner bean
> > > 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#1060478'
> > > while
> > > setting bean property 'authenticationHandlers' with key [1]; nested
> > > exception is org.springframework.beans.factory.BeanCreationException:
> > > Error
> > > creating bean with name
> > > 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#1060478'
> > > defined
> > > in ServletContext resource [/WEB-INF/deployerConfigContext.xml]:
> > > Cannot
> > > resolve reference to bean 'contextSource' while setting bean property
> > > 'contextSource'; nested exception is
> > > org.springframework.beans.factory.BeanCreationException: Error
> > > creating bean
> > > with name 'contextSource' defined in ServletContext resource
> > > [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed;
> > > nested
> > > exception is java.lang.NoClassDefFoundError:
> > > com.sun.jndi.ldap.ctl.ResponseControlFactory
> > >
> > > ---------------------------------------------------
> > >
> > > I configured my server following
> > > http://www.ja-sig.org/products/cas/server/ldapauthhandler/index.html .
> > > I
> > > didn't find any information on configuring applicationContext.xml. Who
> > > can
> > > tell me what the problem is?
> > >
> > > BTW: My testing environment is CAS 3.0.6. spring-ldap1.1.2 and
> > > cas-server-ldap-3.0.6 are under WEB-INF/lib directory.
> > >
> > >
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
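Added example (not part of the original thread): the cacerts import mentioned above for a non-commercial LDAP server certificate, with a fingerprint check before the certificate is trusted. The host, alias, file paths and the `STOREPASS` variable are placeholders chosen here; `changeit` is the JDK's default cacerts password.

```shell
#!/bin/sh
# Added example: pin-then-import for a self-signed / private-CA LDAPS certificate.
# All host names, paths and aliases passed to these functions are placeholders.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# Succeed only if the certificate in $1 has the fingerprint given in $2.
# Colons, spaces and letter case in $2 are ignored; an empty value never matches.
fingerprint_matches() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ -n "$want" ] && [ "$(cert_fingerprint "$1")" = "$want" ]
}

# Save the certificate the LDAP server presents on its LDAPS port.
# usage: fetch_ldaps_cert ldap.example.test:636 ldap.pem
fetch_ldaps_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$2"
}

# Import into the JVM trust store only if the fingerprint equals the value
# obtained out of band from the LDAP administrator.
# usage: import_if_pinned ldap.pem FINGERPRINT alias /path/to/cacerts
import_if_pinned() {
    fingerprint_matches "$1" "$2" || {
        echo "fingerprint mismatch, not importing $1" >&2
        return 1
    }
    keytool -import -noprompt -trustcacerts -alias "$3" -file "$1" \
        -keystore "$4" -storepass "${STOREPASS:-changeit}"
}
```

The trust store to pass as the fourth argument is the cacerts file of the JVM that runs the CAS servlet container; that JVM must be restarted to pick up the new entry.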

