Active Directory and FastBind
Juan Francisco Fernández Rodríguez
juanffernandez at faffe.es
Fri Sep 14 05:13:55 EDT 2007
Oooops, I pasted the wrong war file in Tomcat... But the problem persists.

I try to connect using BindLdapAuthenticationHandler with my username and
password to bind, and all works perfectly, but I am still having problems using
FastBindLdapAuthenticationHandler.

Could the problem be related to anonymous search not being allowed? The
deployerConfigContext.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="credentialsToPrincipalResolvers">
      <list>
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
      </list>
    </property>
    <property name="authenticationHandlers">
      <list>
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
          <property name="httpClient" ref="httpClient" />
        </bean>
        <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
          <property name="filter"
                    value="sAMAccountName=%u,cn=Users,dc=mydomain,dc=mydomainextension" />
          <property name="ignorePartialResultException" value="yes" />
          <property name="contextSource" ref="contextSource" />
        </bean>
      </list>
    </property>
  </bean>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="urls">
      <list>
        <value>ldap://192.168.0.5/</value>
      </list>
    </property>
  </bean>
</beans>
_____
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On behalf of Scott Battaglia
Sent: Thursday, September 13, 2007 16:02
To: Yale CAS mailing list
Subject: Re: Active Directory and FastBind
Your configuration file apparently has some Rutgers URLs in it ;-)
-Scott
On 9/13/07, Juan Francisco Fernández Rodríguez <juanffernandez at faffe.es> wrote:
Hi, I need to connect my CAS server with an Active Directory using fastbind.
When I try to login using my domain username and password, I get the
message:
"The credentials you provided cannot be determined to be authentic"
This is my deployerConfigContext.xml, with comments removed to post it ;):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="credentialsToPrincipalResolvers">
      <list>
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
      </list>
    </property>
    <property name="authenticationHandlers">
      <list>
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
          <property name="httpClient" ref="httpClient" />
        </bean>
        <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
          <property name="filter" value="sAMAccountName=%u,CN=Users,DC=mydomain,DC=es" />
          <property name="ignorePartialResultException" value="yes" />
          <property name="contextSource" ref="contextSource" />
        </bean>
      </list>
    </property>
  </bean>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="urls">
      <list>
        <value>ldap://192.168.0.5/</value>
      </list>
    </property>
    <property name="baseEnvironmentProperties">
      <map>
        <entry>
          <key>
            <value>java.naming.security.authentication</value>
          </key>
          <value>none</value>
        </entry>
      </map>
    </property>
  </bean>
</beans>
When Tomcat starts, these debug lines are added to cas.log; look at the last
line, is this OK?

2007-09-13 14:40:03,562 DEBUG [org.springframework.ldap.support.LdapContextSource] - AuthenticationSource not set - using default implementation
2007-09-13 14:40:03,562 DEBUG [org.springframework.ldap.support.LdapContextSource] - Using LDAP pooling.
2007-09-13 14:40:03,562 DEBUG [org.springframework.ldap.support.LdapContextSource] - Trying provider Urls: ldaps://ldap.rutgers.edu/ <------------------------ ?????????????

These other lines are some of the debug output:

2007-09-13 14:07:36,187 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2007-09-13 14:07:36,187 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2007-09-13 14:07:36,187 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
2007-09-13 14:07:36,796 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: myusername
Thanks in advance,
Greets.
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
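
Added example, not part of the original thread or of CAS: a check for the mismatch visible in the messages above, where the posted contextSource bean lists ldap://192.168.0.5/ while cas.log shows LdapContextSource trying ldaps://ldap.rutgers.edu/, which means the running webapp loaded a different deployerConfigContext.xml. The function names are hypothetical and the embedded config and log samples are constructed from the values quoted in the thread.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the contextSource bean from the thread, trimmed.
CONFIG_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<beans>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="urls"><list><value>ldap://192.168.0.5/</value></list></property>
  </bean>
</beans>"""

# Constructed sample: cas.log startup lines from the thread, wrapped as mailed.
CAS_LOG = """2007-09-13 14:40:03,562 DEBUG
[org.springframework.ldap.support.LdapContextSource] - Using LDAP pooling.
2007-09-13 14:40:03,562 DEBUG
[org.springframework.ldap.support.LdapContextSource] - Trying provider Urls:
ldaps://ldap.rutgers.edu/
"""

def _norm(url):
    # Compare case-insensitively and ignore a trailing slash.
    return url.strip().lower().rstrip("/")

def configured_urls(xml_bytes, bean_id="contextSource"):
    """URLs listed under the 'urls' property of the given Spring bean."""
    root = ET.fromstring(xml_bytes)
    urls = set()
    for bean in root.iter("bean"):
        if bean.get("id") != bean_id:
            continue
        for prop in bean.findall("property"):
            if prop.get("name") == "urls":
                urls.update(_norm(v.text) for v in prop.iter("value") if v.text)
    return urls

def logged_provider_urls(log_text):
    """URLs that LdapContextSource reported trying, tolerating wrapped lines."""
    urls = set()
    for rest in re.findall(r"Trying provider Urls:\s*([^\n]*)", log_text):
        urls.update(_norm(u) for u in re.findall(r"ldaps?://\S+", rest))
    return urls

def unexpected_urls(xml_bytes, log_text):
    """Logged URLs absent from the config: the webapp loaded another file."""
    return sorted(logged_provider_urls(log_text) - configured_urls(xml_bytes))

if __name__ == "__main__":
    print(unexpected_urls(CONFIG_XML, CAS_LOG))
```

A non-empty result means the file that was edited is not the one the deployed webapp is reading, so the WAR contents should be checked before the handler settings are debugged.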