CAS and LDAP problem

Scott Battaglia scott.battaglia at gmail.com
Tue Oct 23 09:05:40 EDT 2007


To expand upon what Andrew said, if you are doing anonymous bind lookups
then you'll want to remove the username and password.  Otherwise, you'll
want to set anonymousReadOnly to false.

In general, in my experience, you'll most likely want to set
anonymousReadOnly to false.

On 10/23/07, Andrew R Feller <afelle1 at lsu.edu> wrote:
>
> Remove the "password" property off of your
> AuthenticatedLdapContextSource; you cannot connect as anonymousReadOnly
> and specify a password. =P
>
> Andrew R Feller, Analyst
> Subversion Administrator
> University Information Systems
> Louisiana State University
> afelle1 at lsu.edu
> (office) 225.578.3737
>
> -----Original Message-----
> From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
> On Behalf Of Tarik Arrad
> Sent: Tuesday, October 23, 2007 7:50 AM
> To: cas at tp.its.yale.edu
> Subject: Re: CAS and LDAP problem
>
>
> Hi Scott
> I'm doing authenticated reading.
> My authentication handler looks like this:
>                                 <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>                                         <property name="filter" value="uid=%u" />
>                                         <property name="searchBase" value="dc=inspire-media,dc=ma" />
>                                         <property name="contextSource" ref="contextSource" />
>                                 </bean>
>                         </list>
>                 </property>
>         </bean>
>         <bean id="contextSource"
>               class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>                 <property name="userName" value="cn=Manager,dc=inspire-media,dc=ma" />
>                 <property name="anonymousReadOnly" value="True" />
>                 <property name="password" value="password" />
>                 <property name="pooled" value="true" />
>                 <property name="urls">
>                         <list>
>                                 <value>ldap://localhost:389/</value>
>                         </list>
>                 </property>
>                 <property name="baseEnvironmentProperties">
>                         <map>
>                                 <!--<entry>
>                                         <key><value>java.naming.security.protocol</value></key>
>                                         <value>ssl</value>
>                                 </entry>-->
>                                 <entry>
>                                         <key><value>java.naming.security.authentication</value></key>
>                                         <value>simple</value>
>                                 </entry>
>                         </map>
>                 </property>
>         </bean>
>
>
>
>
> scott_battaglia wrote:
> >
> > Tarik,
> >
> > First, if you have a question please send the message once to the CAS
> > users list.  It generates less noise that way.  You do not increase your
> > chances of getting a response by sending it multiple times in such a
> > short period of time (I should also never be emailed personally if you
> > have a question).
> >
> > As for your question, if you are having trouble logging in via LDAP,
> > ensure the following:
> > you are doing authenticated reading (providing a username and password
> > in the Context with the appropriate LDAP properties set for your
> > configuration) and ensure that your filter and base are set correctly.
> >
> > This page gives some example configurations of the Context and
> > properties.  Note that your configuration may be different:
> > http://www.ja-sig.org/wiki/display/CASUM/LDAP
> >
> > Thanks
> > -Scott
> >
> > On 10/23/07, Tarik Arrad <t.arrad at gmail.com> wrote:
> >>
> >>
> >> I'm trying to deploy CAS with LDAP (OpenLDAP). After authentication I
> >> have these log messages:
> >>
> >> 2007-10-23 10:19:25,770 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting ContextPath for cookies to: /cas>
> >> 2007-10-23 10:19:30,920 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: Driss>
> >> Exception in thread "Store ticketCache Expiry Thread" java.lang.NullPointerException
> >>     at org.apache.log4j.LogManager.getLogger(LogManager.java:188)
> >>     at org.apache.log4j.Logger.getLogger(Logger.java:104)
> >>     at org.apache.commons.logging.impl.Log4JLogger.getLogger(Log4JLogger.java:283)
> >>     at org.apache.commons.logging.impl.Log4JLogger.isDebugEnabled(Log4JLogger.java:293)
> >>     at net.sf.ehcache.store.DiskStore.expiryThreadMain(DiskStore.java:834)
> >>     at net.sf.ehcache.store.DiskStore.access$700(DiskStore.java:59)
> >>     at net.sf.ehcache.store.DiskStore$ExpiryThread.run(DiskStore.java:1008)
> >> 2007-10-23 10:20:44,687 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <FormObjectClass not set.  Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.>
> >> 2007-10-23 10:20:47,878 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting ContextPath for cookies to: /cas>
> >> 2007-10-23 10:20:53,176 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: Tarik>
> >> 2007-10-23 10:20:59,737 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: Manager>
> >> 2007-10-23 10:21:03,940 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Starting cleaning of expired tickets from ticket registry at [Tue Oct 23 10:21:03 WET 2007]>
> >> 2007-10-23 10:21:03,940 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 found to be removed.  Removing now.>
> >> 2007-10-23 10:21:03,940 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished cleaning of expired tickets from ticket registry at [Tue Oct 23 10:21:03 WET 2007]>
> >> 2007-10-23 10:23:45,405 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: Tarik>
> >> Exception in thread "Store ticketCache Expiry Thread" java.lang.NullPointerException
> >>     at org.apache.log4j.LogManager.getLogger(LogManager.java:188)
> >>     at org.apache.log4j.Logger.getLogger(Logger.java:104)
> >>     at org.apache.commons.logging.impl.Log4JLogger.getLogger(Log4JLogger.java:283)
> >>     at org.apache.commons.logging.impl.Log4JLogger.isDebugEnabled(Log4JLogger.java:293)
> >>     at net.sf.ehcache.store.DiskStore.expiryThreadMain(DiskStore.java:834)
> >>     at net.sf.ehcache.store.DiskStore.access$700(DiskStore.java:59)
> >>     at net.sf.ehcache.store.DiskStore$ExpiryThread.run(DiskStore.java:1008)
> >> 2007-10-23 10:23:59,140 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <FormObjectClass not set.  Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.>
> >> 2007-10-23 10:24:02,829 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting ContextPath for cookies to: /cas>
> >> 2007-10-23 10:24:12,016 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: Manager>
> >> 2007-10-23 10:24:17,246 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: Tarik>
> >> 2007-10-23 10:24:18,374 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Starting cleaning of expired tickets from ticket registry at [Tue Oct 23 10:24:18 WET 2007]>
> >> 2007-10-23 10:24:18,374 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 found to be removed.  Removing now.>
> >> 2007-10-23 10:24:18,374 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished cleaning of expired tickets from ticket registry at [Tue Oct 23 10:24:18 WET 2007]>
> >>
> >> Help Plz
> >> Tarik Arrad
> >>
> >> --
> >> View this message in context:
> >> http://www.nabble.com/CAS-and-LDAP-problem-tf4676586.html#a13361444
> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> Yale CAS mailing list
> >> cas at tp.its.yale.edu
> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>
> >
> >
> >
> > --
> > -Scott Battaglia
> >
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
>
> --
> View this message in context:
> http://www.nabble.com/CAS-and-LDAP-problem-tf4676586.html#a13363452
> Sent from the CAS Users mailing list archive at Nabble.com.
>
>



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
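
The rule discussed in this thread (a context source is either anonymous with no credentials, or authenticated with anonymousReadOnly set to false) can be checked mechanically before deployment. The following is an added example, not part of the original messages or of CAS: the sample bean is constructed, the verdict names are hypothetical, and treating a missing anonymousReadOnly property as false and a credential-less non-anonymous bean as "incomplete" are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the contextSource bean quoted in the thread.
SAMPLE = """<beans>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="userName" value="cn=Manager,dc=example,dc=org" />
    <property name="anonymousReadOnly" value="True" />
    <property name="password" value="placeholder" />
  </bean>
</beans>"""

CLASS_SUFFIX = "AuthenticatedLdapContextSource"
# Hypothetical verdict names, keyed by (anonymousReadOnly, credentials present).
VERDICTS = {
    (True, True): "conflict",        # the combination the thread says to fix
    (True, False): "anonymous",
    (False, True): "authenticated",
    (False, False): "incomplete",    # assumption: no credentials to bind with
}

def _local(tag):
    return tag.rsplit("}", 1)[-1]    # drop a '{namespace}' prefix if present

def _props(bean):
    """Map property name -> value (value attribute or nested <value>)."""
    out = {}
    for child in bean:
        if _local(child.tag) != "property":
            continue
        value = child.get("value")
        if value is None:
            nested = [e for e in child if _local(e.tag) == "value"]
            value = nested[0].text if nested else None
        out[child.get("name")] = (value or "").strip()
    return out

def check_context_sources(xml_text):
    """Return {bean id: verdict} for each AuthenticatedLdapContextSource bean."""
    result = {}
    for bean in ET.fromstring(xml_text).iter():
        if _local(bean.tag) != "bean" or not bean.get("class", "").endswith(CLASS_SUFFIX):
            continue
        p = _props(bean)
        # Assumption: a missing anonymousReadOnly property counts as false.
        anonymous = p.get("anonymousReadOnly", "").lower() == "true"
        has_creds = bool(p.get("userName") or p.get("password"))
        result[bean.get("id", "<no id>")] = VERDICTS[(anonymous, has_creds)]
    return result
```

Running `check_context_sources` over a deployment's Spring context file before a restart surfaces the conflicting combination without waiting for failed logins in the CAS log.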