CAS and LDAP configuration questions
Juan Francisco Fernández Rodríguez
juanffernandez at faffe.es
Wed Oct 10 08:02:44 EDT 2007
I had the same problem when trying to connect my CAS instance with an AD
server with FastBind. I think the problem is that FastBind tries to do an
anonymous bind to the LDAP server, so if you don't allow anonymous bind in the
server, you can't search. I have solved it by modifying the
FastBindAuthentication handler to check the credentials with JNDI; I will
try to explain it quickly:
Debugging it, I get the error in FastBindLdapAuthenticationHandler.java, line
32:
    dirContext = this.getContextSource().getDirContext(
            LdapUtils.getFilterWithValues(getFilter(), credentials.getUsername()),
            credentials.getPassword());
The getDirContext method always gives me the LDAP invalid user exception. I
have replaced it with this code:
    ConJNDI conn = new ConJNDI("ldap_server_host", "ldap_server_port",
            LdapUtils.getFilterWithValues(getFilter(), credentials.getUsername()),
            credentials.getPassword(),
            "ldap_node");
    dirContext = conn.open();
The class ConJNDI will look like this:
    /*
     * ConJNDI.java
     *
     * Opens a JNDI DirContext against an LDAP server. When a DN and password are
     * supplied the context is created with a simple bind as that DN, so the
     * InitialDirContext constructor fails if the server rejects the credentials.
     */
    package com.jdbc.JNDIConn;

    import java.io.Serializable;
    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    public class ConJNDI implements Serializable {
        private static final long serialVersionUID = 1L;

        private String vl_server = "localhost";
        private String vl_port = "389";
        private String vl_node;          // base DN appended to the provider URL
        private String vl_dn = null;     // DN to bind as; null means anonymous bind
        private String vl_passw = null;

        public ConJNDI() { }

        public ConJNDI(String server, String port, String dn, String passw, String node) {
            vl_server = server;
            vl_port = port;
            vl_dn = dn;
            vl_passw = passw;
            vl_node = node;
        }

        /* Closes the context; errors on close are ignored. */
        public void close(DirContext dc) {
            try {
                dc.close();
            } catch (NamingException namingexception) {
                /* empty */
            }
        }

        /*
         * Opens the context. Note that JNDI treats an empty password as an
         * anonymous (unauthenticated) bind, which many servers accept, so the
         * caller must reject empty passwords before calling open().
         */
        public DirContext open() throws NamingException {
            Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://" + vl_server + ":" + vl_port + "/" + vl_node);
            if (vl_dn != null) {
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PRINCIPAL, vl_dn);
                env.put(Context.SECURITY_CREDENTIALS, vl_passw);
            }
            return new InitialDirContext(env);
        }
    }
Then import the package in FastBindAuthenticationHandler.java:
import com.jdbc.JNDIConn.ConJNDI;
Remember to include jndi.jar in the lib directory.
I have written this mail in a very busy moment at work; if anyone needs more
help on this matter, I will try to explain it better. Also you can ask for
the jar files if you can't make
Greets.
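As an added example, not part of this mail or of the CAS code, the same simple-bind check with the two guards a deployer would want around it: an empty password is refused before binding, because a simple bind with an empty password is an unauthenticated bind that many servers (Active Directory included) accept, and the username is escaped before it is substituted into the DN template so that a crafted username cannot change which entry is bound against. The server URL and DN template are placeholders.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
public class LdapBindCheck {
    // Placeholders: replace with the real server and the DN template CAS uses.
    private static final String URL = "ldaps://ldap_server_host:636/";
    private static final String DN_TEMPLATE = "uid=%u,ou=people,dc=example,dc=org";
    // Escapes the characters RFC 4514 reserves in a DN attribute value, so the
    // username cannot add or rewrite RDNs in the bind DN.
    static String escapeDnValue(String v) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < v.length(); i++) {
            char c = v.charAt(i);
            if (",+\"\\<>;=".indexOf(c) >= 0 || (c == '#' && i == 0)
                    || (c == ' ' && (i == 0 || i == v.length() - 1))) {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }
    // Returns true only if the server accepts a simple bind as this user.
    static boolean authenticate(String username, String password) throws NamingException {
        // An empty password turns the simple bind into an unauthenticated bind,
        // which many servers accept, so it must never count as a login.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        String dn = DN_TEMPLATE.replace("%u", escapeDnValue(username));
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);  // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false;                      // server rejected DN or password
        } finally {
            if (ctx != null) ctx.close();
        }
    }
}
```

Any other NamingException (unreachable host, certificate failure) propagates to the caller so that a connectivity problem is logged as an error rather than silently reported as bad credentials.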
_____
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On
Behalf Of Scott Battaglia
Sent: Monday, 08 October 2007 3:10
To: Yale CAS mailing list
Subject: Re: CAS and LDAP configuration questions
You should see a stack trace (I believe) if the certificate is a problem.
Any chance that your filter or your base might not be set up correctly?
-Scott
On 10/5/07, Fluhr, Tim <fluhrt at actforchildren.org> wrote:
Thanks for the direction. Things seemed to work better after I deleted the
previous CAS directory. It looks like it's trying to use the
FastBindLdapAuthenticationHandler now, but I don't think it's actually
hitting my LDAP.
From catalina.out:
<AuthenticationHandler: org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: drupal>
I wonder if my SSL certificate is messed up maybe? Any other thoughts?
Thanks all.
-tim
_____
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On
Behalf Of Scott Battaglia
Sent: Thursday, October 04, 2007 4:37 PM
To: Yale CAS mailing list
Subject: Re: CAS and LDAP configuration questions
Tim,
Just to be sure, you're moving target/cas.war to the TOMCAT_HOME/webapps
directory. If you have a previous version of CAS in there I would recommend
you delete the cas directory and the war file just in case there is some
issue with deployment. Also, remove the reference to the
SimpleTestUsernamePasswordAuthenticationHandler in the
deployerConfigContext.xml if it exists.
-Scott
On 10/4/07, Fluhr, Tim <fluhrt at actforchildren.org> wrote:
Great!
I have run mvn package in cas-server-webapp and now I have a target
directory inside of cas-server-webapp. Now do I move the new cas.war to the
webapps/tomcat5.5 directory and restart Tomcat? I tried this and edited my
deployerConfigContext.html to reflect my LDAP configuration but I'm still
only able to log in with NetID=password.
I'm getting this in my cas.log.
SimpleTestUsernamePasswordAuthenticationHandler failed to authenticate the
user which provided the following credentials: fluhrt
Thanks for your help everyone.
-tim
_____
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On
Behalf Of Scott Battaglia
Sent: Thursday, October 04, 2007 3:34 PM
To: Yale CAS mailing list
Subject: Re: CAS and LDAP configuration questions
Tim,
That dependency needs to be in the pom.xml in the cas-server-webapp, as the
webapp is now dependent on LDAP. Then you'll rebuild the war by executing
"mvn package" in the cas-server-webapp module.
-Scott
On 10/4/07, Fluhr, Tim <fluhrt at actforchildren.org> wrote:
Thanks again all for being incredibly quick and tolerant with a noob.
My pom.xml includes the following...
    <dependency>
        <groupId>${project.groupId}</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${project.version}</version>
    </dependency>
So now must I run mvn package install from the cas-server-support-ldap
directory? Will that then build the war with the proper jars? After that I
place it in the webapps dir?
Thanks.
-tim
_____
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On
Behalf Of Scott Battaglia
Sent: Thursday, October 04, 2007 2:52 PM
To: Yale CAS mailing list
Subject: Re: CAS and LDAP configuration questions
The first line of your stack trace tells you the problem :-)
java.lang.ClassNotFoundException:
org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
You're missing the required LDAP jars (or there is a typo I am not seeing).
You forgot to include the dependency in the
pom.xml for cas-server-webapp.
Once you add it, and then run "mvn package" again it should generate a war
with the correct jars.
-Scott
On 10/4/07, Fluhr, Tim <fluhrt at actforchildren.org> wrote:
Hello.
I have changed deployerConfigContext and pom.xml and now I no longer get a
login page. I get a 404 error. I attached the tail of catalina.out.
Thanks for the help all. I'm quite new to this so I'm learning as I go.
-tim
_____
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On
Behalf Of Scott Battaglia
Sent: Thursday, October 04, 2007 2:04 PM
To: Yale CAS mailing list
Subject: Re: CAS and LDAP configuration questions
This may help:
http://www.ja-sig.org/wiki/display/CASUM/LDAP
-Scott
On 10/4/07, Richard Kheir <richard.kheir at villanova.edu> wrote:
Check for the connection type for your LDAP and set the correct
authentication handler with the correct settings.
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On
Behalf Of Fluhr, Tim
Sent: Thursday, October 04, 2007 2:28 PM
To: cas at tp.its.yale.edu
Subject: CAS and LDAP configuration questions
Hello all.
I'm trying to get CAS to authenticate against my LDAP but I think I am
missing something. I am able to authenticate using the NetID=password
method without any problems. I am not able to, however, authenticate using
any valid LDAP credentials. I get the following errors...
The credentials you provided cannot be determined to be authentic.
and from catalina.out...
2007-10-04 13:24:15,248 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler: org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler failed to authenticate the user which provided the following credentials: drupal>
Do I have to create a cas.war in the cas-server-support-ldap directory and
then move it to webapps? This is where I am stuck. Any help would be
appreciated.
Thanks.
-tim
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia