CAS & LDAP
Matthew Jones
matthew.jones at interactivedata.com
Thu Jul 24 11:41:27 EDT 2008
> Welcome to CAS! I'm not an LDAP expert either (we also don't use Fastbind),
> but I'll try to provide some basic guidance and then our OpenLDAP experts
> can chime in (we have a few).
Great, I need help.
> No need to put anything there! The ContextSource is generic so it can be
> used for both the FastBind and the other option.
I tried it without userName and password properties, as in the enclosed
config file (modified LDAP URL).
That is no userName or password properties so that sounds correct?
> The UsernamePasswordCredentialsToPrincipalResolver should actually be
> configured already in your deployerConfigContext.xml. Unless you've removed
> it, there's no need to do anything with it!
No, I haven't removed it, and I assumed that part didn't need changing as
it wasn't mentioned.
> Have you tried starting up your CAS server after configuring it with LDAP?
> If you've got any Spring configuration issues you'll see them. If you have
> authentication issues you may not see them until you turn your logging level
> up (in the WEB-INF/classes/log4j.properties you can set it to DEBUG instead
> of INFO or WARN).
When I tried with the attached deployer config it refused to start. Let
me say here that my Tomcat configuration is challenging as I have to run
on CentOS and it already had an old JDK installed on it. I had to
wrestle with an eel just to get the 1.5 Sun JDK on there and used by
Tomcat. I had to manually tweak a link to get it to run at all and I
couldn't get the update-alternatives thing to work. Anyway, I get some
"errors" even when starting tomcat without CAS with LDAP :-
Starting tomcat5: /usr/bin/rebuild-jar-repository: error: JVM_LIBDIR
/usr/lib/jvm-exports/java does not exist or is not a directory
/usr/bin/rebuild-jar-repository: error: JVM_LIBDIR
(repeated 3 times)
catalina.out contains:-
log4j:ERROR setFile(null,true) call failed.
java.io.FileNotFoundException: cas.log (Permission denied)
But I can log into CAS using the simple authenticator, so it's not
completely fatal.
Anyway, I then switch to the attached deployerConfigControl.xml and I
lose the CAS login page altogether and just receive a message thus:
HTTP Status 404 - /cas-server-webapp-3.2.1/index.jsp
type Status report
message /cas-server-webapp-3.2.1/index.jsp
description The requested resource (/cas-server-webapp-3.2.1/index.jsp)
is not available.
Apache Tomcat/5.5.23
> Sun also has some LDAP specific logging stuff.
Cheers
--
Matthew Jones
Interactive Data Managed Solutions Ltd
-----------------------------------------------------------------------
Registered in England Company Number 3691868
Registered Office: Suite 1101 Eagle Tower | Montpellier Drive |
Cheltenham | Gloucestershire | GL50 1TA
Tel: +44 (0)1242 694133 | Fax: +44 (0)1242 694109
matthew.jones at interactivedata.com
http://www.interactivedata-ms.com/694133
-------------- next part --------------
A non-text attachment was scrubbed...
Name: deployerConfigContext.xml
Type: text/xml
Size: 8779 bytes
Desc: not available
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20080724/40ee99f2/attachment.xml