LDAP: error code 50- failed on search operation

Dmitry Kochelaev dkochelaev at gmail.com
Fri May 4 06:20:29 EDT 2007


Hello,

try
<property name="anonymousReadOnly" value="false" /> instead of "true",
since the anonymous look up is disabled, see the log you've attached:
"failed on search operation: Anonymous binds have been disabled!"

On 5/4/07, xing luming <xingluming at hotmail.com> wrote:
>
>
>
> sorry, and this is my deployerConfigContext.xml
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
> <!--
>   | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
>   | all CAS deployers will need to modify.
>   |
>   | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
>   | The beans declared in this file are instantiated at context initialization time by the Spring
>   | ContextLoaderListener declared in web.xml. It finds this file because this
>   | file is among those declared in the context parameter "contextConfigLocation".
>   |
>   | By far the most common change you will need to make in this file is to change the last bean
>   | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
>   | one implementing your approach for authenticating usernames and passwords.
>   +-->
> <beans>
>   <!--
>     | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
>     | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
>     | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
>     | implementation and so do not need to change the class of this bean. We include the whole
>     | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
>     | need to change in context.
>     +-->
>   <bean id="authenticationManager"
>         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>     <!--
>       | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
>       | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
>       | supports the presented credentials.
>       |
>       | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
>       | attempting to authenticate to CAS /login. In the default configuration, it is the DefaultCredentialsToPrincipalResolver
>       | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
>       | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
>       | using.
>       |
>       | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
>       | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
>       | You will need to change this list if you are identifying services by something more or other than their callback URL.
>       +-->
>     <property name="credentialsToPrincipalResolvers">
>       <list>
>         <!--
>           | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
>           | by default and produces SimplePrincipal instances conveying the username from the credentials.
>           |
>           | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
>           | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
>           | Credentials you are using.
>           +-->
>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>         <!--
>           | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
>           | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
>           | SimpleService identified by that callback URL.
>           |
>           | If you are representing services by something more or other than an HTTPS URL whereat they are able to
>           | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
>           +-->
>         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>       </list>
>     </property>
>     <!--
>       | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
>       | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
>       | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
>       | until it finds one that both supports the Credentials presented and succeeds in authenticating.
>       +-->
>     <property name="authenticationHandlers">
>       <list>
>         <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
>           <property name="httpClient" ref="httpClient" />
>         </bean>
>
>         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>           <property name="filter" value="uid=%u" />
>           <property name="searchBase" value="ou=system" />
>           <property name="contextSource" ref="contextSource" />
>         </bean>
>       </list>
>     </property>
>   </bean>
>
>   <bean id="contextSource"
>         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>     <property name="anonymousReadOnly" value="true" />
>     <property name="userName" value="uid=admin" />
>     <property name="password" value="secret" />
>     <property name="pooled" value="true" />
>     <property name="urls">
>       <list>
>         <value>ldap://localhost:10389/</value>
>         <value>ldap://localhost:10389/</value>
>       </list>
>     </property>
>     <property name="baseEnvironmentProperties">
>       <map>
>         <entry>
>           <key><value>java.naming.security.authentication</value></key>
>           <value>simple</value>
>         </entry>
>       </map>
>     </property>
>   </bean>
> </beans>
>
> From: "xing luming"
> Reply-To: Yale CAS mailing list
> To: cas at tp.its.yale.edu
> Subject: LDAP: error code 50- failed on search operation
> Date: Fri, 04 May 2007 11:44:45 +0200
>
>
> Thank you for your help! My CAS is working now,
> but I have another error report when I want to log in.
>
> Is there anything wrong in deployerConfigContext.xml?
>
> Have I written a wrong "filter" or "searchBase" or "userName" or anything else?
>
>
> 2007-05-04 09:33:14,428 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas-web].[cas]] - ion>
> javax.naming.NoPermissionException: [LDAP: error code 50 - failed on search operation: Anonymous binds have been disabled!]; remaining name 'ou=system'
>         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2993)
>         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
>         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
>         at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
>         at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
>         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
>         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
>         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
>         at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
>         at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler$1.executeSearch(BindLdapAuthenticationHandler.java:74)
>         at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:268)
>         at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
>         at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
>         at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler.java:58)
>         at org.jasig.........
>
>
>
>
>
>
> and here is my system.ldif data.
>
>
>
>
> #-------------------------------------------------------------------------------
> # This file has been generated on 05.03.2007 at 11:15 from localhost:10389
> # by Softerra LDAP Browser 2.6 (http://www.ldapbrowser.com)
> #-------------------------------------------------------------------------------
> version: 1
>
> dn: ou=system
> ou: system
> objectClass: organizationalUnit
> objectClass: extensibleObject
> objectClass: top
>
> dn: uid=admin,ou=system
> sn: administrator
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: top
> cn: system administrator
> userPassword: secret
> uid: admin
> displayName: Directory Superuser
>
> dn: ou=users,ou=system
> ou: users
> objectClass: organizationalUnit
> objectClass: top
>
> dn: ou=groups,ou=system
> ou: groups
> objectClass: organizationalUnit
> objectClass: top
>
> dn: cn=administrators,ou=groups,ou=system
> objectClass: groupOfUniqueNames
> objectClass: top
> cn: Administrators
> uniqueMember: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
>
> dn: ou=configuration,ou=system
> ou: configuration
> objectClass: organizationalUnit
> objectClass: top
>
> dn: ou=partitions,ou=configuration,ou=system
> ou: partitions
> objectClass: organizationalUnit
> objectClass: top
>
> dn: ou=services,ou=configuration,ou=system
> ou: services
> objectClass: organizationalUnit
> objectClass: top
>
> dn: ou=interceptors,ou=configuration,ou=system
> ou: interceptors
> objectClass: organizationalUnit
> objectClass: top
>
> dn: prefNodeName=sysPrefRoot,ou=system
> objectClass: extensibleObject
> objectClass: top
> prefNodeName: sysPrefRoot
>
>
> thank you!!
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas


-- 
 Dmitry Kochelaev
 eVelopers Corporation
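
The failure discussed in this thread, as an added check that is not part of the original posts or of CAS: with `anonymousReadOnly` set to true, Spring LDAP runs read-only operations such as the user search on an anonymous context, so the configured `userName` and `password` are never used for it. The script flags that setting and also compares `userName` with the entry DNs in the LDIF export, since a simple bind identifies the account by its DN. Function names and finding codes are hypothetical, and the sample input is constructed from the quoted message.

```python
import xml.etree.ElementTree as ET

# Constructed sample: contextSource bean and entry DNs trimmed from the quoted message.
CONFIG = """<beans>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="anonymousReadOnly" value="true" />
    <property name="userName" value="uid=admin" />
    <property name="password" value="secret" />
  </bean>
</beans>"""
LDIF = """dn: ou=system
ou: system

dn: uid=admin,ou=system
uid: admin
"""

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas not handled)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def ldif_dns(ldif_text):
    """Collect the plain-text entry DNs from an LDIF export (base64 'dn::' lines skipped)."""
    return {norm_dn(line[3:]) for line in ldif_text.splitlines()
            if line.lower().startswith("dn:") and line[3:4] != ":"}

def audit_context_source(config_xml, ldif_text):
    """Return finding codes (hypothetical names) for each LDAP context source bean."""
    known, findings = ldif_dns(ldif_text), []
    for bean in ET.fromstring(config_xml).iter("bean"):
        if not bean.get("class", "").endswith("LdapContextSource"):
            continue
        props = {p.get("name"): p.get("value") or "" for p in bean.findall("property")}
        # true: read-only operations such as the user search run on an anonymous
        # context, which a server with anonymous binds disabled rejects (code 50 here).
        if props.get("anonymousReadOnly", "").lower() == "true":
            findings.append("ANON_SEARCH")
        # A simple bind names an entry by its full DN; compare with the export.
        user = props.get("userName", "")
        if user and norm_dn(user) not in known:
            findings.append("BIND_DN_NOT_IN_LDIF")
    return findings

if __name__ == "__main__":
    print(audit_context_source(CONFIG, LDIF))
```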

