Hi, thank you very much for your response. I have read your link but I don't understand how I can modify my deployerConfigContext.xml file with the LDAP authentication handler. For the same file, in CAS version 3.5.2, I used these modifications:

<property name="authenticationHandlers">
    <list>
        <!--
         | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
         | a server side SSL certificate.
         +-->
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
              p:httpClient-ref="httpClient" />
        <!--
         | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
         | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
         | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
         | local authentication strategy. You might accomplish this by coding a new such handler and declaring
         | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
         +-->
        <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
              p:filter="uid=%u"
              p:searchBase="ou=users,dc=test,dc=com"
              p:contextSource-ref="contextSource"/>
    </list>
</property>

and

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <!-- DO NOT enable JNDI pooling for context sources that perform LDAP bind operations. -->
    <property name="pooled" value="false" />
    <!-- Although multiple URLs may be defined, it's strongly recommended to avoid this configuration
         since the implementation attempts hosts in sequence and requires a connection timeout
         prior to attempting the next host, which incurs unacceptable latency on node failure.
         A proper HA setup for LDAP directories should use a single virtual host that maps to
         multiple real hosts using a hardware load balancer. -->
    <property name="url" value="ldap://127.0.0.1:384" />
    <!-- Manager credentials are only required if your directory does not support anonymous searches.
         Never provide these credentials for FastBindLdapAuthenticationHandler since the user's
         credentials are used for the bind operation. -->
    <property name="userDn" value="cn=Master,dc=test,dc=com" />
    <property name="password" value="test" />
    <!-- Place JNDI environment properties here. -->
    <property name="baseEnvironmentProperties">
        <map>
            <!-- Three seconds is an eternity to users. -->
            <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
            <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
            <!-- Explained at http://download.oracle.com/javase/1.3/docs/api/javax/naming/Context.html#SECURITY_AUTHENTICATION-->
            <entry key="java.naming.security.authentication" value="simple" />
        </map>
    </property>
</bean>

So, I must use "LDAP Supporting Anonymous Search", is that correct?
So, is this modification of the authenticationManager correct?
What is the value of "value-ref" for my LDAP handler?
Where can I change the connection parameters for my OpenLDAP server?
Is it possible to have a simple example of this "deployerConfigContext.xml" file?

Best regards,
Gianluigi

2013/8/7 Jérôme LELEU <lel...@gmail.com>

> Hi,
>
> Have a look at the documentation on github:
> http://jasig.github.io/cas/installation/LDAP-Authentication.html.
> Best regards,
> Jérôme
>
> 2013/8/7 Gianluigi <gianluig...@gmail.com>
>
>> I have a question about Jasig CAS v. 4.0 RC2
>>
>> I'm using this version downloaded from the Git repository. I would like
>> to configure CAS with my LDAP server.
>>
>> With version 3.5.2 I can do this.
>>
>> On CAS v.4.0 RC2
>> I did not understand well how to write (structure) the file to add
>> authentication with LDAP
>>
>> cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml.
>>
>> I see some differences with the older version. I followed this link (
>> https://wiki.jasig.org/display/CASUM/LDAP) but I think the structure of
>> this file has changed in version 4.
>>
>> Can anyone tell me how this should be changed?

--
You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
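
Added example (not part of the thread and not CAS project code): a small Python check that parses the contextSource bean posted above and reports where it departs from the advice in its own comments, plus two added checks for an unencrypted simple bind and a literal manager password. The `<beans>` wrapper, the function name and the finding codes are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
NS = "{http://www.springframework.org/schema/beans}"

# Constructed input: the contextSource bean from the message inside a <beans> root.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="false" />
    <property name="url" value="ldap://127.0.0.1:384" />
    <property name="userDn" value="cn=Master,dc=test,dc=com" />
    <property name="password" value="test" />
    <property name="baseEnvironmentProperties">
      <map>
        <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
        <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
        <entry key="java.naming.security.authentication" value="simple" />
      </map></property>
  </bean>
</beans>"""

def check_context_source(xml_text, bean_id="contextSource"):
    """Return (code, message) findings for one LdapContextSource bean."""
    root = ET.fromstring(xml_text)
    bean = next((b for b in root.iter(NS + "bean") if b.get("id") == bean_id), None)
    if bean is None:
        return [("missing", "no bean with id " + bean_id)]
    props = {p.get("name"): p.get("value") for p in bean.findall(NS + "property")}
    env = {e.get("key"): e.get("value") for e in bean.iter(NS + "entry")}
    found = []
    # From the bean's comments: no pooling with bind, one URL, bounded timeouts.
    if (props.get("pooled") or "").lower() != "false":
        found.append(("pooling", "pooled is not explicitly false"))
    if "urls" in props:
        found.append(("multi-url", "several LDAP URLs are configured"))
    for key in ("com.sun.jndi.ldap.connect.timeout", "com.sun.jndi.ldap.read.timeout"):
        if not (env.get(key) or "").isdigit():
            found.append(("timeout", key + " is not set"))
    # Added checks (not from the bean's comments): a simple bind over ldap://
    # sends DN and password unencrypted unless StartTLS is set up elsewhere.
    url = (props.get("url") or "").lower()
    simple = env.get("java.naming.security.authentication", "simple") == "simple"
    if url.startswith("ldap://") and simple and "authenticationStrategy" not in props:
        found.append(("cleartext-bind", "simple bind over ldap:// without TLS"))
    pw = props.get("password")
    if pw and not pw.startswith("${"):
        found.append(("inline-password", "manager password is a literal in the file"))
    return found

if __name__ == "__main__":
    for code, message in check_context_source(SAMPLE):
        print(code + ": " + message)
```

Run against the bean as posted, it reports the cleartext bind and the inline manager password; the pooling, URL and timeout settings already follow the comments in the file.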