CAS + LDAP
Scott Battaglia
scott.battaglia at gmail.com
Thu May 3 15:07:00 EDT 2007
Your username should then be:
<property name="userName" value="cn=Manager,dc=chabaka,dc=net" />
-Scott
On 5/3/07, Zouhair BOUNOUALA <bozouhair at gmail.com> wrote:
>
> Hi,
>
> I have populated these two properties as:
>
> <property name="userName" value="Manager" />
> <property name="password" value="password" />
>
> But I have the same error
>
> PS : I could connect in ssl with jxplorer client and my Manager of
> OpenLDAP tree is :
>
> cn=Manager,dc=chabaka,dc=net
>
> and my users tree is :
>
> uid=toto,ou=users,dc=chabaka,dc=net
>
> This could cause this error?
>
>
> <bean id="contextSource"
> class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> <property name="anonymousReadOnly" value="false"/>
> <property name="password" value="password" />
> <property name="pooled" value="true" />
> <property name="urls">
> <list>
> <value>ldaps://127.0.0.1</value>
> <value>ldaps://127.0.0.1</value>
> </list>
> </property>
> <property name="userName" value="Manager" />
> <property name="baseEnvironmentProperties">
> <map>
> <entry>
> <key><value>
> java.naming.security.protocol</value></key>
> <value>ssl</value>
> </entry>
> <entry>
> <key><value>
> java.naming.security.authentication</value></key>
> <value>simple</value>
> </entry>
> </map>
> </property>
> </bean>
> </beans>
>
>
> Thanks for your reply
>
> 2007/5/3, Dmitry Kochelaev <dkochelaev at gmail.com>:
> > Hello,
> >
> > populate
> > <property name="userName" value="{username_goes_here}" />
> > <property name="password" value="{password_goes_here}" />
> >
> > with correct values
> >
> > On 5/3/07, Zouhair BOUNOUALA <bozouhair at gmail.com> wrote:
> > > Hi,
> > >
> > > I have succeeded in deploying my cas.war under tomcat. When I want to
> > > connect to my http://bidaya.chabaka.net:8080/cas/login?null I have one
> > > error : "CAS is UNvailable"
> > >
> > > I have this error in my catalina.out
> > >
> > > 2007-05-03 17:37:49,931 INFO
> > > [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> > > <Starting cleaning of expired tickets from ticket registry at [Thu May
> > > 03 17:37:49 WET 2007]>
> > > 2007-05-03 17:37:49,931 INFO
> > > [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> > > <0 found to be removed. Removing now.>
> > > 2007-05-03 17:37:49,931 INFO
> > > [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> > > <Finished cleaning of expired tickets from ticket registry at [Thu May
> > > 03 17:37:49 WET 2007]>
> > > 2007-05-03 17:37:55,558 INFO
> > > [org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - <Setting
> > > ContextPath for cookies to: /cas>
> > > 2007-05-03 17:38:07,946 ERROR
> > > [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]]
> > > - <"Servlet.service()" pour la servlet cas a généré une
> > > exception>
> > > javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
> > > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java
> :2926)
> > > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java
> :2732)
> > > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
> > > at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
> > > at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(
> LdapCtxFactory.java:175)
> > > at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(
> LdapCtxFactory.java:193)
> > > at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(
> LdapCtxFactory.java:136)
> > > at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(
> LdapCtxFactory.java:66)
> > > at javax.naming.spi.NamingManager.getInitialContext(
> NamingManager.java:667)
> > > at javax.naming.InitialContext.getDefaultInitCtx(
> InitialContext.java:247)
> > > at javax.naming.InitialContext.init(InitialContext.java:223)
> > > at javax.naming.ldap.InitialLdapContext.<init>(
> InitialLdapContext.java:134)
> > > at
> org.springframework.ldap.support.LdapContextSource.getDirContextInstance(
> LdapContextSource.java:59)
> > > at
> org.springframework.ldap.support.AbstractContextSource.createContext(
> AbstractContextSource.java:193)
> > > at
> org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(
> AbstractContextSource.java:104)
> > > at org.springframework.ldap.LdapTemplate.search(
> LdapTemplate.java:263)
> > > at org.springframework.ldap.LdapTemplate.search(
> LdapTemplate.java:314)
> > > at
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal
> (BindLdapAuthenticationHandler.java:70)
> > > at
> org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate
> (AbstractUsernamePasswordAuthenticationHandler.java:58)
> > > at
> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
> AuthenticationManagerImpl.java:79)
> > > at
> org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(
> CentralAuthenticationServiceImpl.java:282)
> > > at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(
> AuthenticationViaFormAction.java:116)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:39)
> > > at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:25)
> > > at java.lang.reflect.Method.invoke(Method.java:585)
> > > at
> org.springframework.webflow.util.DispatchMethodInvoker.invoke(
> DispatchMethodInvoker.java:103)
> > > at org.springframework.webflow.action.MultiAction.doExecute(
> MultiAction.java:136)
> > > at org.springframework.webflow.action.AbstractAction.execute(
> AbstractAction.java:203)
> > > at org.springframework.webflow.engine.AnnotatedAction.execute(
> AnnotatedAction.java:142)
> > > at org.springframework.webflow.engine.ActionExecutor.execute(
> ActionExecutor.java:61)
> > > at org.springframework.webflow.engine.ActionState.doEnter(
> ActionState.java:180)
> > > at org.springframework.webflow.engine.State.enter(State.java
> :200)
> > > at org.springframework.webflow.engine.Transition.execute(
> Transition.java:229)
> > > at
> org.springframework.webflow.engine.TransitionableState.onEvent(
> TransitionableState.java:112)
> > > at org.springframework.webflow.engine.Flow.onEvent(Flow.java
> :572)
> > > at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent
> (RequestControlContextImpl.java:207)
> > > at org.springframework.webflow.engine.ActionState.doEnter(
> ActionState.java:185)
> > > at org.springframework.webflow.engine.State.enter(State.java
> :200)
> > > at org.springframework.webflow.engine.Transition.execute(
> Transition.java:229)
> > > at
> org.springframework.webflow.engine.TransitionableState.onEvent(
> TransitionableState.java:112)
> > > at org.springframework.webflow.engine.Flow.onEvent(Flow.java
> :572)
> > > at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent
> (RequestControlContextImpl.java:207)
> > > at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(
> FlowExecutionImpl.java:214)
> > > at
> org.springframework.webflow.executor.FlowExecutorImpl.resume(
> FlowExecutorImpl.java:238)
> > > at
> org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest
> (FlowRequestHandler.java:115)
> > > at
> org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal
> (FlowController.java:170)
> > > at
> org.springframework.web.servlet.mvc.AbstractController.handleRequest(
> AbstractController.java:153)
> > > at
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
> SimpleControllerHandlerAdapter.java:48)
> > > at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(
> DispatcherServlet.java:819)
> > > at org.springframework.web.servlet.DispatcherServlet.doService
> (DispatcherServlet.java:754)
> > > at
> org.springframework.web.servlet.FrameworkServlet.processRequest(
> FrameworkServlet.java:399)
> > > at org.springframework.web.servlet.FrameworkServlet.doPost(
> FrameworkServlet.java:364)
> > > at javax.servlet.http.HttpServlet.service(HttpServlet.java
> :709)
> > > at javax.servlet.http.HttpServlet.service(HttpServlet.java
> :802)
> > > at org.jasig.cas.web.init.SafeDispatcherServlet.service(
> SafeDispatcherServlet.java:115)
> > > at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:252)
> > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:173)
> > > at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:213)
> > > at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:178)
> > > at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:126)
> > > at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:105)
> > > at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:107)
> > > at org.apache.catalina.connector.CoyoteAdapter.service(
> CoyoteAdapter.java:148)
> > > at org.apache.coyote.http11.Http11Processor.process(
> Http11Processor.java:869)
> > > at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection
> (Http11BaseProtocol.java:664)
> > > at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(
> PoolTcpEndpoint.java:527)
> > > at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt
> (LeaderFollowerWorkerThread.java:80)
> > > at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> ThreadPool.java:684)
> > > at java.lang.Thread.run(Thread.java:595)
> > >
> > > How could I resolve this problem?
> > >
> > > Thanks to everybody who can help me!
> > >
> > > PS : My deployerConfigContext.xml configuration
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
> > > "http://www.springframework.org/dtd/spring-beans.dtd">
> > > <!--
> > > | deployerConfigContext.xml centralizes into one file some of
> the
> > > declarative configuration that
> > > | all CAS deployers will need to modify.
> > > |
> > > | This file declares some of the Spring-managed JavaBeans that
> make
> > > up a CAS deployment.
> > > | The beans declared in this file are instantiated at context
> > > initialization time by the Spring
> > > | ContextLoaderListener declared in web.xml. It finds this
> file because this
> > > | file is among those declared in the context parameter
> > > "contextConfigLocation".
> > > |
> > > | By far the most common change you will need to make in this
> file is
> > > to change the last bean
> > > | declaration to replace the default
> > > SimpleTestUsernamePasswordAuthenticationHandler with
> > > | one implementing your approach for authenticating usernames
> and passwords.
> > > +-->
> > > <beans>
> > > <!--
> > > | This bean declares our AuthenticationManager. The
> > > CentralAuthenticationService service bean
> > > | declared in applicationContext.xml picks up this
> > > AuthenticationManager by reference to its id,
> > > | "authenticationManager". Most deployers will be
> able to use the
> > > default AuthenticationManager
> > > | implementation and so do not need to change the
> class of this
> > > bean. We include the whole
> > > | AuthenticationManager here in the
> userConfigContext.xml so that
> > > you can see the things you will
> > > | need to change in context.
> > > +-->
> > > <bean id="authenticationManager"
> > > class="
> org.jasig.cas.authentication.AuthenticationManagerImpl">
> > > <!--
> > > | This is the List of
> CredentialToPrincipalResolvers that identify
> > > what Principal is trying to authenticate.
> > > | The AuthenticationManagerImpl considers them
> in order, finding a
> > > CredentialToPrincipalResolver which
> > > | supports the presented credentials.
> > > |
> > > | AuthenticationManagerImpl uses these
> resolvers for two purposes.
> > > First, it uses them to identify the Principal
> > > | attempting to authenticate to CAS /login
> . In the default
> > > configuration, it is the DefaultCredentialsToPrincipalResolver
> > > | that fills this role. If you are using some
> other kind of
> > > credentials than UsernamePasswordCredentials, you will need to replace
> > > | DefaultCredentialsToPrincipalResolver with a
> > > CredentialsToPrincipalResolver that supports the credentials you are
> > > | using.
> > > |
> > > | Second, AuthenticationManagerImpl uses these
> resolvers to
> > > identify a service requesting a proxy granting ticket.
> > > | In the default configuration, it is the
> > > HttpBasedServiceCredentialsToPrincipalResolver that serves this
> > > purpose.
> > > | You will need to change this list if you are
> identifying services
> > > by something more or other than their callback URL.
> > > +-->
> > > <property name="credentialsToPrincipalResolvers">
> > > <list>
> > > <!--
> > > |
> UsernamePasswordCredentialsToPrincipalResolver supports the
> > > UsernamePasswordCredentials that we use for /login
> > > | by default and produces
> SimplePrincipal instances conveying the
> > > username from the credentials.
> > > |
> > > | If you've changed your
> LoginFormAction to use credentials other
> > > than UsernamePasswordCredentials then you will also
> > > | need to change this bean
> declaration (or add additional
> > > declarations) to declare a CredentialsToPrincipalResolver that
> > > supports the
> > > | Credentials you are using.
> > > +-->
> > > <bean
> > > class="
> org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver
> "
> > > />
> > > <!--
> > > |
> HttpBasedServiceCredentialsToPrincipalResolver supports
> > > HttpBasedCredentials. It supports the CAS 2.0 approach of
> > > | authenticating services by
> SSL callback, extracting the
> > > callback URL from the Credentials and representing it as a
> > > | SimpleService identified by
> that callback URL.
> > > |
> > > | If you are representing
> services by something more or other
> > > than an HTTPS URL whereat they are able to
> > > | receive a proxy callback,
> you will need to change this bean
> > > declaration (or add additional declarations).
> > > +-->
> > > <bean
> > > class="
> org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver
> "
> > > />
> > > </list>
> > > </property>
> > >
> > > <!--
> > > | Whereas CredentialsToPrincipalResolvers
> identify who it is some
> > > Credentials might authenticate,
> > > | AuthenticationHandlers actually authenticate
> credentials. Here
> > > we declare the AuthenticationHandlers that
> > > | authenticate the Principals that the
> > > CredentialsToPrincipalResolvers identified. CAS will try these
> > > handlers in turn
> > > | until it finds one that both supports the
> Credentials presented
> > > and succeeds in authenticating.
> > > +-->
> > > <property name="authenticationHandlers">
> > > <list>
> > > <!--
> > > | This is the authentication
> handler that authenticates services
> > > by means of callback via SSL, thereby validating
> > > | a server side SSL
> certificate.
> > > +-->
> > > <bean
> > > class="
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
> ">
> > > <property name="httpClient"
> ref="httpClient" />
> > > </bean>
> > >
> > > <!--
> > > | This is the authentication
> handler declaration that every CAS
> > > deployer will need to change before deploying CAS
> > > | into production. The
> default
> > > SimpleTestUsernamePasswordAuthenticationHandler authenticates
> > > UsernamePasswordCredentials
> > > | where the username equals
> the password. You will need to
> > > replace this with an AuthenticationHandler that implements your
> > > | local authentication
> strategy. You might accomplish this by
> > > coding a new such handler and declaring
> > > |
> edu.someschool.its.cas.MySpecialHandler here, or you might use
> > > one of the handlers provided in the adaptors modules.
> > > +-->
> > > <bean
> > > class="
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
> > > <property name="filter"
> value="uid=%u" />
> > > <property name="searchBase"
> value="ou=users,dc=chabaka,dc=net" />
> > > <property
> > > name="contextSource"
> > > ref="contextSource" />
> > > </bean>
> > > </list>
> > > </property>
> > > </bean>
> > >
> > > <bean id="contextSource"
> > > class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> ">
> > > <property name="anonymousReadOnly" value="false"/>
> > > <property name="password" value="{password_goes_here}"
> />
> > > <property name="pooled" value="true" />
> > > <property name="urls">
> > > <list>
> > > <value>ldaps://127.0.0.1</value>
> > > <value>ldaps://127.0.0.1</value>
> > > </list>
> > > </property>
> > > <property name="userName" value="{username_goes_here}"
> />
> > > <property name="baseEnvironmentProperties">
> > > <map>
> > > <entry>
> > > <key><value>
> java.naming.security.protocol</value></key>
> > > <value>ssl</value>
> > > </entry>
> > > <entry>
> > > <key><value>
> java.naming.security.authentication</value></key>
> > > <value>simple</value>
> > > </entry>
> > > </map>
> > > </property>
> > > </bean>
> > > </beans>
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> >
> >
> > --
> > Dmitry Kochelaev
> > eVelopers Corporation
> >
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
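
An added example (not part of the original thread and not CAS project code): a small Python check that parses a Spring beans file, finds the `AuthenticatedLdapContextSource` bean, and flags a bind `userName` that is not a full DN, which is the misconfiguration behind the `error code 34 - invalid DN` in the quoted log. The sample XML is constructed from the posted config; `is_dn` and `check_context_source` are hypothetical helper names, and the DN test is a simplified RFC 4514 shape check.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the contextSource bean as posted in the thread (bare "Manager").
SAMPLE_BEANS = """<beans>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="password" value="password" />
    <property name="urls">
      <list><value>ldaps://127.0.0.1</value></list>
    </property>
    <property name="userName" value="Manager" />
  </bean>
</beans>"""

# attributeType=value, where the type is a descriptor (cn, dc, uid) or a numeric OID.
_AVA = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=\s*\S.*$", re.S)

def is_dn(name):
    """True if every RDN in `name` has the attr=value shape (simplified RFC 4514)."""
    rdns = re.split(r"(?<!\\)[,+]", name)  # split on unescaped ',' and '+'
    return bool(name.strip()) and all(_AVA.match(rdn) for rdn in rdns)

def check_context_source(xml_text):
    """Return a list of findings for each AuthenticatedLdapContextSource bean."""
    findings = []
    for bean in ET.fromstring(xml_text).iter("bean"):
        if not bean.get("class", "").strip().endswith("AuthenticatedLdapContextSource"):
            continue
        props = {p.get("name"): p for p in bean.findall("property")}
        user = props["userName"].get("value", "") if "userName" in props else ""
        if not is_dn(user):
            findings.append(f"userName {user!r} is not a full DN (LDAP error 34: invalid DN)")
        urls = props.get("urls")
        # The posted config uses simple authentication, so it pairs the bind with ldaps://.
        for v in (urls.iter("value") if urls is not None else []):
            if not (v.text or "").strip().lower().startswith("ldaps://"):
                findings.append(f"url {v.text!r} is not ldaps://")
    return findings

if __name__ == "__main__":
    for finding in check_context_source(SAMPLE_BEANS):
        print(finding)
```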