Yet More LDAP

Scott Battaglia scott.battaglia at gmail.com
Mon May 14 23:52:55 EDT 2007


Rob,

Did you modify the version of deployerConfigContext.xml in
CAS_PROJECT_HOME/webapp/WEB-INF or did you modify the one that may appear in
localPlugins after running ant?  You'll want to modify the
CAS_PROJECT_HOME/webapp/WEB-INF one.  The one in localPlugins is a temporary
copy generated by the build process.  It gets overwritten.

Looking at your example, though, you'll need to make sure that your
ContextSource bean is outside of the AuthenticationManager bean (right now
it's defined within the "authenticationHandlers" property of the
AuthenticationManager).

-Scott

On 5/14/07, Rob Wiltbank <chade at dtcc.edu> wrote:
>
> Greetings, folks.
>
> I'll be the first to admit I'm unfamiliar with Tomcat in general, so I
> do my best to explain my situation...  I'm running a RedHat Enterprise
> box with the appropriate Tomcat, Java and CAS packages installed.  I'm
> able to get the sample CAS to work and was even able to modify the
> default templates.
>
> I took a crack at writing my own deployerConfigContext.xml in an attempt
> to get LDAP authentication going (via Active Directory LDAP).  Yet, when
> I compile with 'ant war' and copy the new cas.war to
> /var/lib/tomcat5/webapps/ it's still doing the thing where if the
> username and password are of equal length, it 'authenticates'.  Any help
> on this is greatly appreciated.  Below is a copy of the
> deployerConfigContext.xml:
>
> <property name="authenticationHandlers">
>     <list>
>        <!--
>           | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
>           | a server side SSL certificate.
>           +-->
>        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
>
>        <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>             <property name="authenticatedReadOnly" value="true" />
>             <property name="userName" value="ldap_search_user" />
>             <property name="password" value="soopersecretpassword" />
>             <property name="urls">
>                <list>
>                   <value>ldaps://some-ad.college.edu/</value>
>                   <value>ldaps://some-ad2.college.edu/</value>
>                </list>
>             </property>
>
>             <property name="baseEnvironmentProperties">
>                <map>
>                   <entry>
>                      <key><value>java.naming.security.authentication</value></key>
>                      <value>simple</value>
>                   </entry>
>                </map>
>             </property>
>        </bean>
>
>        <!--
>           | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
>           | into production.
>           | With this configuration you'll be using LDAP search-and-bind authentication.
>           +-->
>        <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>           <property name="filter" value="cn=%u" />
>           <property name="searchBase" value="ou=Domain Users,dc=college,dc=edu" />
>           <property name="contextSource" ref="contextSource" />
>        </bean>
>     </list>
> </property>



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
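
The layout the reply describes, as an added example that is not part of the original thread: the ContextSource becomes a top-level bean beside the AuthenticationManager, and the handler list holds only handlers. The `authenticationManager` bean id and its `org.jasig.cas.authentication.AuthenticationManagerImpl` class are assumed from the stock CAS 3.x file, since the thread does not show them; host names and credentials are the placeholders from the quoted post.

```xml
<!-- Added example: fragment of deployerConfigContext.xml, placed inside the top-level <beans> element. -->

<!-- Top-level bean, a sibling of authenticationManager, so ref="contextSource" below can resolve it. -->
<bean id="contextSource"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="authenticatedReadOnly" value="true" />
    <!-- Placeholder service-account credentials, as in the quoted post. -->
    <property name="userName" value="ldap_search_user" />
    <property name="password" value="soopersecretpassword" />
    <property name="urls">
        <list>
            <value>ldaps://some-ad.college.edu/</value>
            <value>ldaps://some-ad2.college.edu/</value>
        </list>
    </property>
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key><value>java.naming.security.authentication</value></key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>

<!-- Assumed: bean id and class as in the stock CAS 3.x file; the thread does not show them. -->
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <!-- Leave the other shipped properties of this bean (not shown in the thread) as they are. -->
    <property name="authenticationHandlers">
        <list>
            <!-- Only authentication handlers belong in this list. -->
            <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
            <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                <property name="filter" value="cn=%u" />
                <property name="searchBase" value="ou=Domain Users,dc=college,dc=edu" />
                <property name="contextSource" ref="contextSource" />
            </bean>
        </list>
    </property>
</bean>
```

Make the change in the CAS_PROJECT_HOME/webapp/WEB-INF copy, rebuild with `ant war`, redeploy, and confirm that a login with a wrong password is now rejected.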