CAS unable to authenticate with openldap
Scott Battaglia
scott.battaglia at gmail.com
Thu May 8 10:07:40 EDT 2008
Your search base
<property name="searchBase" value="c=us,o=sgi" />
appears to be the same as your principal. Is that how it's supposed to be?
On Thu, May 8, 2008 at 1:12 AM, bhargava v <mr.vemula at gmail.com> wrote:
> Hello All,
>
> Before I posted this message, I did an extensive Google search and combed
> through this list's archives, so I know for sure that my problem wasn't faced by
> someone before :-).
>
> Ok now to the problem:
>
> I've openldap 2.3.39 + CAS 3.0.7 running on my machine. I checked if my
> openldap is working properly by using softerra ldap admin software and the
> connection info is as follows:
> connection mechanism : simple
> principal: o=sgi,c=us
> password: secret
> hostname and port are standard.
>
> I'm able to view all the schema using ldap admin.
>
> I want CAS to talk to ldap and get the authentication/authorization info.
> I've copied all the jars from ldaptemplate from sourceforge and ldap adaptor
> in the webapps/cas/WEB-INF/lib directory.
>
> My deployercontextconfig looks like this:
>
> <bean id="authenticationManager"
> class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>
> <property name="credentialsToPrincipalResolvers">
> <list>
> <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>
> <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
> </list>
> </property>
>
> <property name="authenticationHandlers">
> <list>
> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
>
> <property
> name="httpClient"
> ref="httpClient" />
>
> </bean>
>
> <bean
> class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
> <property name="filter" value="uid=%u" />
>
> <property name="searchBase" value="c=us,o=sgi" />
> <property name="contextSource" ref="contextSource" />
>
> </bean>
> </list>
> </property>
>
> </bean>
>
> <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>
> <property name="userName" value="c=us,o=sgi" />
>
> <property name="password" value="secret" />
> <property name="urls">
>
> <list>
> <value>my ldap url</value>
> </list>
> </property>
>
> <property name="baseEnvironmentProperties">
> <map>
> <entry>
> <key><value>java.naming.security.authentication</value></key>
>
> <value>simple</value>
> </entry>
> </map>
> </property>
> </bean>
>
>
> I give the login info at the CAS sign-in page but it says it cannot
> authenticate. I've turned on the DEBUG for org.springframework in properties
> file and I get this info:
>
> -----------------------------------------------------------------------------------------------------
> Error in object 'credentials': codes
> [error.authentication.credentials.bad.credentials,error.authentication.credentials.bad];
> arguments []; default message [error.authentication.credentials.bad],
> 'org.springframework.validation.BindException.credentials' ->
> org.springframework.validation.BindException:
> org.springframework.validation.BeanPropertyBindingResult: 1 errors
> Error in object 'credentials': codes
> [error.authentication.credentials.bad.credentials,error.authentication.credentials.bad];
> arguments []; default message [error.authentication.credentials.bad]],
> status = Paused]]]':
> '_c17411DFE-7CF0-3139-DFCD-9A12867433DA_k674FD418-6DFD-2E65-0B0D-C1855E87D2F3';
> previous key was
> '_c17411DFE-7CF0-3139-DFCD-9A12867433DA_k70CCC903-6A3B-986A-B09D-B7E4A96F931E'>
>
> ---------------------------------------------------------------------------------------------------------
> I'm giving the right username and password at the login page but it still
> says that credentials are wrong. I'm guessing that the username given in the
> deployercontextconfig.xml is wrong but I used the same principal to view
> schema via ldap browser.
>
> What is wrong with my setup?
>
> Thanks in advance for your time and help.
> Vemula
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
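
A small offline lint for the point raised in this thread, added here as an example (not code from the original messages or from the CAS project): it reads the `searchBase` and `userName` properties from the posted bean definitions and compares them with the principal that worked in the LDAP browser. The function names and the trimmed `CONFIG` sample are constructed for illustration; the code assumes a namespace-free Spring file and DNs without escaped commas or multi-valued RDNs.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two beans from the post, trimmed to the DN-bearing properties.
CONFIG = """<beans>
  <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
    <property name="filter" value="uid=%u" />
    <property name="searchBase" value="c=us,o=sgi" />
  </bean>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="userName" value="c=us,o=sgi" />
  </bean>
</beans>"""

def rdns(dn):
    """Split a simple DN into normalized (attr, value) RDNs, leftmost first.
    Assumption: no escaped commas or multi-valued RDNs (true for the DNs in the post)."""
    out = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        out.append((attr.strip().lower(), value.strip().lower()))
    return out

def dn_properties(xml_text):
    """Collect the searchBase and userName values from Spring <property> elements."""
    wanted = {"searchBase", "userName"}
    return {p.get("name"): p.get("value")
            for p in ET.fromstring(xml_text).iter("property")
            if p.get("name") in wanted}

def lint(xml_text, known_good_dn):
    """Compare the configured DNs with a DN known to bind from another client."""
    props = dn_properties(xml_text)
    good = rdns(known_good_dn)
    findings = []
    if rdns(props["searchBase"]) == rdns(props["userName"]):
        findings.append("searchBase and userName are the same DN")
    for name, value in sorted(props.items()):
        got = rdns(value)
        # Same RDNs as the working DN, but listed in a different order.
        if got != good and sorted(got) == sorted(good):
            findings.append(f"{name}={value!r} has the RDNs of "
                            f"{known_good_dn!r} in a different order")
    return findings

if __name__ == "__main__":
    for finding in lint(CONFIG, "o=sgi,c=us"):
        print(finding)
```

RDN order is significant in an LDAP DN (the leftmost RDN is the most specific), so `o=sgi,c=us` and `c=us,o=sgi` name different entries.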