Bruno,
Here you go; here is an excerpt on how to configure LDAP AD. This would be
included in your deployerConfigContext.xml.
A-
<!--
    LDAP Authentication Handler used to authenticate against Lotus Domino
    Scope Values (javax.naming.directory.SearchControls):
        OBJECT_SCOPE (0)
        ONELEVEL_SCOPE (1)
        SUBTREE_SCOPE (2)
-->
<bean id="ldapActiveDirectory"
      class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
    <property name="filter" value="sAMAccountName=%u" />
    <property name="searchBase" value="your search base here" />
    <property name="contextSource" ref="contextSourceActiveDirectory" />
    <property name="scope" value="2" />
    <property name="timeout" value="120" />
    <property name="ignorePartialResultException" value="yes" />
</bean>
</list>
</property>
</bean>
<bean id="contextSourceActiveDirectory"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="pooled" value="true" />
    <property name="urls">
        <list>
            <value>ldaps://activedirectory1.example.com</value>
            <value>ldaps://activedirectory2.example.com</value>
        </list>
    </property>
    <property name="userName" value="distinguishing name of account to connect to Active Directory server" />
    <property name="password" value="password for userName to log into Active Directory server" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key><value>java.naming.security.authentication</value></key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>
On 2/20/09 8:09 AM, "Bruno Melloni" <[email protected]> wrote:
> Hi Li,
>
> I hit similar difficulties trying to understand how to configure CAS for LDAP
> authentication against ActiveDirectory. In the end I found it easier to write
> my own Authentication Handler and plain vanilla LDAP search code.
>
> You are doing the right thing by trying to use the CAS LDAP authentication
> handler, as it is a much more robust answer than any custom handler can be.
> But if you can't figure out how to configure the LDAP Authenticator properly,
> let me know I'd be happy to share my code and configuration. It is very
> primitive, but reliable and easy to use.
>
> b.
>
>
>
> From: Andrew Feller [mailto:[email protected]]
> Sent: Friday, February 20, 2009 7:40 AM
> To: [email protected]
> Subject: Re: [cas-user] CAS 3 problem
>
> Li,
>
> I think this might be a misconfiguration issue. When configuring your LDAP
> Context & Authentication Handler, you can set how deep beneath the searchBase
> to search. If you are like the rest of us, you probably don't have all user
> entries within a single base, so you need to configure the scope to search
> subtrees. Without more info, this is my best knee jerk reaction.
>
> Hope it helps,
> A-
>
> <!--
> LDAP Authentication Handler used to authenticate against Lotus Domino
> Scope Values (javax.naming.directory.SearchControls):
> OBJECT_SCOPE (0)
> ONELEVEL_SCOPE (1)
> SUBTREE_SCOPE (2)
> -->
> <bean
> class="org.jasig.cas.authentication.handler.support.BindLdapAuthenticationHandler"
> p:filter="uid=%uid"
> p:searchBase="o=whatever"
> p:contextSource-ref="contextSource"
> p:scope="2"
> p:timeout="120" />
>
> CAS Wiki: http://www.ja-sig.org/wiki/display/CASUM/LDAP
>
>
>
> On 2/20/09 2:27 AM, "Raghu Ravi" <[email protected]> wrote:
> Hi Li,
> Could you give more detail on the error, the server log will do.
>
> On Fri, Feb 20, 2009 at 5:55 AM, Li Zhang <[email protected]> wrote:
> Hi,
>
> I've installed CAS 3.3.1 server on my machine.
> Now I only can use my own credentials to login.
> Other persons on the same LDAP server can
> not login using CAS. What could be the problem?
> Is that a certificate issue ?
>
>
> Thanks.
>
> Li
>
> --
> Andrew Feller, Analyst
> LSU University Information Services
> 200 Frey Computing Services Center
> Baton Rouge, LA 70803
> Office: 225.578.3737
> Fax: 225.578.6400
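
The scope behaviour discussed in this thread, as an added example that is not part of the original messages or of CAS itself: a small Python model of the search that has to find a user's DN before a bind can be attempted, run over a constructed directory. The DNs, account names and the `resolve_dn` helper are assumptions made for illustration; only the scope numbers and the `sAMAccountName=%u` filter come from the configuration above.

```python
# Scope values as defined by javax.naming.directory.SearchControls.
OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE = 0, 1, 2

# Constructed sample directory (DN -> attributes); not taken from the thread.
DIRECTORY = {
    "OU=People,DC=example,DC=com": {},
    "CN=Alice Admin,OU=People,DC=example,DC=com": {"sAMAccountName": "alice"},
    "OU=Staff,OU=People,DC=example,DC=com": {},
    "CN=Bob Builder,OU=Staff,OU=People,DC=example,DC=com": {"sAMAccountName": "bob"},
    "CN=Carol Contractor,OU=Contractors,DC=example,DC=com": {"sAMAccountName": "carol"},
}

def _rdns(dn):
    # Simplification: the sample DNs contain no escaped commas.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, base, scope):
    """True if dn is covered by a search rooted at base with the given scope."""
    d, b = _rdns(dn), _rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False                  # dn is not at or below the search base
    depth = len(d) - len(b)
    if scope == OBJECT_SCOPE:
        return depth == 0             # the base entry only
    if scope == ONELEVEL_SCOPE:
        return depth == 1             # immediate children of the base only
    return True                       # SUBTREE_SCOPE: base and every descendant

def resolve_dn(username, search_base, scope, filter_template="sAMAccountName=%u"):
    """Search step of search-then-bind: return the single DN to bind as, or None."""
    attr, _, value = filter_template.replace("%u", username).partition("=")
    hits = [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, search_base, scope)
            and attr in attrs and attrs[attr].lower() == value.lower()]
    if len(hits) > 1:
        # A bind needs exactly one DN; never pick one of several silently.
        raise LookupError("ambiguous account, refusing to bind: %r" % hits)
    return hits[0] if hits else None

if __name__ == "__main__":
    base = "OU=People,DC=example,DC=com"
    for user in ("alice", "bob", "carol"):
        for scope in (OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE):
            print(user, scope, resolve_dn(user, base, scope))
```

With the one-level scope only the account sitting directly under the search base resolves, which matches the symptom of one person being able to log in while others on the same server cannot; scope 2 finds the nested account, and an account outside the search base is never found at any scope.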