Active Directory and FastBind
Juan Francisco Fernández Rodríguez
juanffernandez at faffe.es
Thu Sep 13 08:52:17 EDT 2007
Hi, I need to connect my CAS server with an Active Directory using fastbind.
When I try to log in using my domain username and password, I get the
message:
The credentials you provided cannot be determined to be authentic
This is my deployerConfigContext.xml, with comments removed to post it ;):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="credentialsToPrincipalResolvers">
      <list>
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
      </list>
    </property>
    <property name="authenticationHandlers">
      <list>
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
          <property name="httpClient" ref="httpClient" />
        </bean>
        <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
          <property name="filter" value="sAMAccountName=%u,CN=Users,DC=mydomain,DC=es" />
          <property name="ignorePartialResultException" value="yes" />
          <property name="contextSource" ref="contextSource" />
        </bean>
      </list>
    </property>
  </bean>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="urls">
      <list>
        <value>ldap://192.168.0.5/</value>
      </list>
    </property>
    <property name="baseEnvironmentProperties">
      <map>
        <entry>
          <key>
            <value>java.naming.security.authentication</value>
          </key>
          <value>none</value>
        </entry>
      </map>
    </property>
  </bean>
</beans>
When Tomcat starts, these debug lines are added to cas.log. Look at the last
line, is this ok????:
2007-09-13 14:40:03,562 DEBUG [org.springframework.ldap.support.LdapContextSource] - AuthenticationSource not set - using default implementation
2007-09-13 14:40:03,562 DEBUG [org.springframework.ldap.support.LdapContextSource] - Using LDAP pooling.
2007-09-13 14:40:03,562 DEBUG [org.springframework.ldap.support.LdapContextSource] - Trying provider Urls: ldaps://ldap.rutgers.edu/ <------------------------ ?????????????
These other lines are some of the debug output:
2007-09-13 14:07:36,187 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2007-09-13 14:07:36,187 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2007-09-13 14:07:36,187 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
2007-09-13 14:07:36,796 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: myusername
Thanks in advance,
Greets.
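
Added example (not part of the original post and not CAS code): a Python check that compares the LDAP URLs configured on the contextSource bean with the URLs the log reports after "Trying provider Urls:", the discrepancy the post points at. The sample inputs are constructed from the post's config and log, and the function names and finding labels are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the contextSource bean from the post, trimmed.
CONFIG = """<beans>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="urls">
      <list><value>ldap://192.168.0.5/</value></list>
    </property>
  </bean>
</beans>"""

# Constructed sample: the startup log line from the post, still wrapped.
LOG = """2007-09-13 14:40:03,562 DEBUG
[org.springframework.ldap.support.LdapContextSource] - Trying provider Urls:
ldaps://ldap.rutgers.edu/ <------------------------ ?????????????"""

def configured_urls(xml_text, bean_id="contextSource"):
    """Return the <value> entries of the 'urls' property on the given bean."""
    root = ET.fromstring(xml_text)
    for bean in root.iter("bean"):
        if bean.get("id") == bean_id:
            for prop in bean.findall("property"):
                if prop.get("name") == "urls":
                    return [v.text.strip() for v in prop.iter("value") if v.text]
    return []

def logged_urls(log_text):
    """Return LDAP URLs that follow 'Trying provider Urls:' (wrapped or not)."""
    urls = []
    for match in re.finditer(r"Trying provider Urls:\s*(.+)", log_text):
        urls += re.findall(r"ldaps?://[^\s,]+", match.group(1))
    return urls

def audit(xml_text, log_text):
    """Flag URLs tried but not configured, never tried, or using plain ldap://."""
    cfg, seen = configured_urls(xml_text), logged_urls(log_text)
    findings = [("url-not-in-config", u) for u in seen if u not in cfg]
    for u in cfg:
        if u not in seen:
            findings.append(("configured-url-never-tried", u))
        if u.startswith("ldap://"):
            findings.append(("ldap-without-tls", u))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG, LOG):
        print(*finding)
```

A "url-not-in-config" finding means the LdapContextSource that wrote the log line was not configured with the URLs in this file. "ldap-without-tls" marks a plain ldap:// URL, over which a simple bind carries the password unencrypted unless StartTLS is used.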