CAS and LDAP problem
Tarik Arrad
t.arrad at gmail.com
Tue Oct 23 11:40:31 EDT 2007
My CAS is working fine now, i juste added the uidobject class to my ldap
users and the problem is fixed.
Thank you very much Shi :)
2007/10/23, Shi Yusen <shiys at langhua.cn>:
>
> I'm using CAS + OpenLDAP without any problem. Did you restart your
> tomcat after made this modification?
>
> I'm also using jxplorer as well. Please set Level to Anonymous to see
> whether you can search the uid you want to login? If you want
> uid=t.arrad,ou=staff,dc=inspire-media,dc=ma, you should be able to
> search the uid anonymously. Perhaps you have to change your ldap's
> config.
>
> Regards,
>
> Shi Yusen/Beijing Langhua Ltd.
>
> ÔÚ 2007-10-23¶þµÄ 14:02 +0000£¬t.arrad at gmail.comдµÀ£º
> > I've tryed that issue but cas still reject the authentication.
> > Ldap is turned on localy, im using jexplore to update the ldap db.
> > Is there any config to do on the ldap side?
> > Envoy¨¦ par mon Blackberry de M¨¦ditel
> >
> > -----Original Message-----
> > From: Shi Yusen <shiys at langhua.cn>
> >
> > Date: Tue, 23 Oct 2007 21:47:50
> > To:Yale CAS mailing list <cas at tp.its.yale.edu>
> > Subject: Re: CAS and LDAP problem
> >
> >
> > Tarik,
> >
> > The following should work for you.
> >
> > <bean id="contextSource"
> > class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> > <property name="anonymousReadOnly" value="false" />
> > <property name="pooled" value="true" />
> > <property name="urls">
> > <list>
> > <value>ldap://localhost:389/</value>
> > </list>
> > </property>
> > <property name="baseEnvironmentProperties">
> > <map>
> > <entry>
> >
> > <key><value>java.naming.security.authentication</value></key>
> > <value>simple</value>
> > </entry>
> > </map>
> > </property>
> > </bean>
> > </beans>
> >
> > BTW, are you sure ldap server runs on your localhost?
> >
> > Regards,
> >
> > Shi Yusen/Beijing Langhua Ltd.
> >
> >
> > ÔÚ 2007-10-23¶þµÄ 13:11 +0000£¬Tarik ArradдµÀ£º
> > > i still have the same problem, is there other thing to verify?
> > > As information i'm using openldap
> > >
> > > 2007/10/23, Andrew R Feller <afelle1 at lsu.edu>:
> > > Remove the "password" property off of your
> > > AuthenticatedLdapContextSource; you cannot connect as
> > > anonymousReadOnly
> > > and specify a password. =P
> > >
> > > Andrew R Feller, Analyst
> > > Subversion Administrator
> > > University Information Systems
> > > Louisiana State University
> > > afelle1 at lsu.edu
> > > (office) 225.578.3737
> > >
> > > -----Original Message-----
> > > From: cas-bounces at tp.its.yale.edu
> > > [mailto:cas-bounces at tp.its.yale.edu]
> > > On Behalf Of Tarik Arrad
> > > Sent: Tuesday, October 23, 2007 7:50 AM
> > > To: cas at tp.its.yale.edu
> > > Subject: Re: CAS and LDAP problem
> > >
> > >
> > > Hi Scott
> > > I'm doing authenticated reading.
> > > My authentication handler look like this :
> > > <bean
> > >
> > > class="
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
> > > <property
> > > name="filter"
> > > value="uid=%u" />
> > > <property
> > > name="searchBase"
> > > value="dc=inspire-media,dc=ma" />
> > > <property
> > > name="contextSource"
> > > ref="contextSource" />
> > > </bean>
> > > </list>
> > > </property>
> > > </bean>
> > > <bean id="contextSource"
> > > class="
> org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> > > <property name="userName"
> > > value="cn=Manager,dc=inspire-media,dc=ma" />
> > > <property name="anonymousReadOnly"
> > > value="True" />
> > > <property name="password" value="password" />
> > > <property name="pooled" value="true" />
> > > <property name="urls">
> > > <list>
> > >
> <value>ldap://localhost:389/</value>
> > > </list>
> > > </property>
> > > <property name="baseEnvironmentProperties">
> > > <map>
> > > <!--<entry>
> > >
> > > <key><value>java.naming.security.protocol</value></key>
> > > <value>ssl</value>
> > > </entry>-->
> > > <entry>
> > >
> > > <key><value>java.naming.security.authentication</value></key>
> > > <value>simple</value>
> > > </entry>
> > > </map>
> > > </property>
> > > </bean>
> > >
> > >
> > >
> > >
> > > scott_battaglia wrote:
> > > >
> > > > Tarik,
> > > >
> > > > First, if you have a question please send the message once
> > > to the CAS
> > > > users
> > > > list. It generates less noise that way. You do not
> > > increase your
> > > chances
> > > > of getting a response by sending it multiple times in such a
> > > short
> > > period
> > > > of
> > > > time (I should also never be emailed personally if you have
> > > a
> > > question).
> > > >
> > > > As for your question, if you are having trouble logging in
> > > via LDAP,
> > > > ensure
> > > > the following:
> > > > you are doing authenticated reading (providing a username
> > > and password
> > > in
> > > > the Context with the appropriate LDAP properties set for
> > > your
> > > > configuration)
> > > > and ensure that your filter and base are set correctly.
> > > >
> > > > This page gives some example configurations of the Context
> > > and
> > > properties.
> > > > Note that your configuration may be different:
> > > > http://www.ja-sig.org/wiki/display/CASUM/LDAP
> > > >
> > > > Thanks
> > > > -Scott
> > > >
> > > > On 10/23/07, Tarik Arrad <t.arrad at gmail.com> wrote:
> > > >>
> > > >>
> > > >> I'm trying to deploy CAS with LDAP (OpenLDAP), after
> > > authentication i
> > > >> have
> > > >> this log messages :
> > > >>
> > > >> 2007-10-23 10:19:25,770 INFO [
> > > >> org.jasig.cas.web.flow.InitialFlowSetupAction]
> > > >> - <Setting ContextPath for cookies to: /cas>
> > > >> 2007-10-23 10:19:30,920 INFO
> > > >> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> > > >> <AuthenticationHandler:
> > > >> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler
> > > failed to
> > > >> authenticate the user which provided the following
> > > credentials:
> > > Driss>
> > > >> Exception in thread "Store ticketCache Expiry Thread"
> > > >> java.lang.NullPointerException
> > > >> at
> > > org.apache.log4j.LogManager.getLogger(LogManager.java:188)
> > > >> at org.apache.log4j.Logger.getLogger(Logger.java:104)
> > > >> at
> > > >>
> > > org.apache.commons.logging.impl.Log4JLogger.getLogger
> > > (Log4JLogger.java
> > > >> :283)
> > > >> at
> > > >> org.apache.commons.logging.impl.Log4JLogger.isDebugEnabled(
> > > >> Log4JLogger.java:293)
> > > >> at
> > > >> net.sf.ehcache.store.DiskStore.expiryThreadMain
> > > (DiskStore.java:834)
> > > >> at net.sf.ehcache.store.DiskStore.access
> > > $700(DiskStore.java:59)
> > > >> at net.sf.ehcache.store.DiskStore
> > > $ExpiryThread.run(DiskStore.java
> > > >> :1008)
> > > >> 2007-10-23 10:20:44,687 INFO
> > > >> [org.jasig.cas.web.flow.AuthenticationViaFormAction] -
> > > <FormObjectClass
> > > >> not
> > > >> set. Using default class of
> > > >>
> > >
> org.jasig.cas.authentication.principal.UsernamePasswordCredentials
> > > with
> > > >> formObjectName credentials and validator
> > > >>
> > > org.jasig.cas.validation.UsernamePasswordCredentialsValidator
> .>
> > > >> 2007-10-23 10:20:47,878 INFO [
> > > >> org.jasig.cas.web.flow.InitialFlowSetupAction ]
> > > >> - <Setting ContextPath for cookies to: /cas>
> > > >> 2007-10-23 10:20:53,176 INFO
> > > >> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> > > >> <AuthenticationHandler:
> > > >> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler
> > > failed to
> > > >> authenticate the user which provided the following
> > > credentials:
> > > Tarik>
> > > >> 2007-10-23 10:20:59,737 INFO
> > > >> [org.jasig.cas.authentication.AuthenticationManagerImpl ] -
> > > >> <AuthenticationHandler:
> > > >> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler
> > > failed to
> > > >> authenticate the user which provided the following
> > > credentials:
> > > Manager>
> > > >> 2007-10-23 10:21:03,940 INFO
> > > >>
> > > [
> org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner]
> > > -
> > > >> <Starting cleaning of expired tickets from ticket registry
> > > at [Tue
> > > Oct 23
> > > >> 10:21:03 WET 2007]>
> > > >> 2007-10-23 10:21:03,940 INFO
> > > >>
> > > [
> org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner]
> > > - <0
> > > >> found to be removed. Removing now.>
> > > >> 2007-10-23 10:21:03,940 INFO
> > > >>
> > > [
> org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner ]
> > > -
> > > >> <Finished cleaning of expired tickets from ticket registry
> > > at [Tue
> > > Oct 23
> > > >> 10:21:03 WET 2007]>
> > > >> 2007-10-23 10:23:45,405 INFO
> > > >> [org.jasig.cas.authentication.AuthenticationManagerImpl ] -
> > > >> <AuthenticationHandler:
> > > >> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler
> > > failed to
> > > >> authenticate the user which provided the following
> > > credentials:
> > > Tarik>
> > > >> Exception in thread "Store ticketCache Expiry Thread"
> > > >> java.lang.NullPointerException
> > > >> at
> > > org.apache.log4j.LogManager.getLogger(LogManager.java:188)
> > > >> at org.apache.log4j.Logger.getLogger(Logger.java:104)
> > > >> at
> > > >>
> > > org.apache.commons.logging.impl.Log4JLogger.getLogger(
> Log4JLogger.java
> > > >> :283)
> > > >> at
> > > >> org.apache.commons.logging.impl.Log4JLogger.isDebugEnabled(
> > > >> Log4JLogger.java:293)
> > > >> at
> > > >>
> > > net.sf.ehcache.store.DiskStore.expiryThreadMain(DiskStore.java
> :834)
> > > >> at net.sf.ehcache.store.DiskStore.access
> > > $700(DiskStore.java:59)
> > > >> at net.sf.ehcache.store.DiskStore$ExpiryThread.run
> > > (DiskStore.java
> > > >> :1008)
> > > >> 2007-10-23 10:23:59,140 INFO
> > > >> [org.jasig.cas.web.flow.AuthenticationViaFormAction] -
> > > <FormObjectClass
> > > >> not
> > > >> set. Using default class of
> > > >>
> > >
> org.jasig.cas.authentication.principal.UsernamePasswordCredentials
> > > with
> > > >> formObjectName credentials and validator
> > > >>
> > > org.jasig.cas.validation.UsernamePasswordCredentialsValidator
> .>
> > > >> 2007-10-23 10:24:02,829 INFO [
> > > >> org.jasig.cas.web.flow.InitialFlowSetupAction]
> > > >> - <Setting ContextPath for cookies to: /cas>
> > > >> 2007-10-23 10:24:12,016 INFO
> > > >> [org.jasig.cas.authentication.AuthenticationManagerImpl ] -
> > > >> <AuthenticationHandler:
> > > >> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler
> > > failed to
> > > >> authenticate the user which provided the following
> > > credentials:
> > > Manager>
> > > >> 2007-10-23 10:24:17,246 INFO
> > > >> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> > > >> <AuthenticationHandler:
> > > >> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler
> > > failed to
> > > >> authenticate the user which provided the following
> > > credentials:
> > > Tarik>
> > > >> 2007-10-23 10:24:18,374 INFO
> > > >>
> > > [
> org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner]
> > > -
> > > >> <Starting cleaning of expired tickets from ticket registry
> > > at [Tue
> > > Oct 23
> > > >> 10:24:18 WET 2007]>
> > > >> 2007-10-23 10:24:18,374 INFO
> > > >>
> > > [
> org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner]
> > > - <0
> > > >> found to be removed. Removing now.>
> > > >> 2007-10-23 10:24:18,374 INFO
> > > >>
> > > [
> org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner]
> > > -
> > > >> <Finished cleaning of expired tickets from ticket registry
> > > at [Tue
> > > Oct 23
> > > >> 10:24:18 WET 2007]>
> > > >>
> > > >> Help Plz
> > > >> Tarik Arrad
> > > >>
> > > >> --
> > > >> View this message in context:
> > > >>
> > >
> http://www.nabble.com/CAS-and-LDAP-problem-tf4676586.html#a13361444
> > > >> Sent from the CAS Users mailing list archive at Nabble.com.
> > > >>
> > > >> _______________________________________________
> > > >> Yale CAS mailing list
> > > >> cas at tp.its.yale.edu
> > > >> http://tp.its.yale.edu/mailman/listinfo/cas
> > > >>
> > > >
> > > >
> > > >
> > > > --
> > > > -Scott Battaglia
> > > >
> > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > >
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > cas at tp.its.yale.edu
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > > >
> > >
> > > --
> > > View this message in context:
> > >
> http://www.nabble.com/CAS-and-LDAP-problem-tf4676586.html#a13363452
> > > Sent from the CAS Users mailing list archive at Nabble.com.
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20071023/999e4d93/attachment.html
More information about the cas
mailing list