On Fri, May 22, 2009 at 9:25 AM, Andrew Feller <[email protected]> wrote:
> <snip />
>
> 1. Try "userName" instead of "userDn" on the contextsource
>

In newer versions of Spring LDAP, userDn should be fine (I think userName is deprecated).

Cheers,
Scott

> Hope something comes together for you but honestly we switched from using
> LDAP for AD to Kerberos, which I think is what AD typically prefers. Anyhow
> try it and see what happens.
>
> Cheers,
> A
> --
> Andrew Feller, Analyst
> LSU University Information Services
> 200 Frey Computing Services Center
> Baton Rouge, LA 70803
> Office: 225.578.3737
> Fax: 225.578.6400
>
>
> On 5/22/09 8:06 AM, "Michael A Jones" <[email protected]> wrote:
>
> Hi there,
>
> I am having communication problems with my Active Directory and CAS. My AD
> machine is called idm-dc1 and my domain is ExampleOrganization.local. At
> present, when I try to log in to CAS I am getting an error message from CAS
> saying "The credentials you provided cannot be determined to be authentic".
> I am logging in as one of my users as below and their account details in AD
> are included for reference.
>
> My users are held in an OU called Identities:
>
> [email protected]
> Password=apassword
>
> LDIF for this user in AD:
>
> dn: [email protected],OU=Identities,DC=ExampleOrganization,DC=local
> changetype: add
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: [email protected]
> sn: MELDRUM
> title: MS
> givenName: LAURA
> distinguishedName: [email protected],OU=Identities,DC=ExampleOrganization,DC=local
> instanceType: 4
> whenCreated: 20090508082512.0Z
> whenChanged: 20090508082512.0Z
> uSNCreated: 15381
> uSNChanged: 15394
> name: [email protected]
> objectGUID:: z0FREwjkVkiMPl67khJCYQ==
> userAccountControl: 512
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> pwdLastSet: 128862447125126250
> primaryGroupID: 513
> objectSid:: ZHUAAAAAAAUVAAAAtGO
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: $Z21000-CA6B2SF9KI
> sAMAccountType: 805306368
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ExampleOrganization,DC=local
> mail: [email protected]
>
>
> The relevant segment of my deploycontextconfig.xml settings is as follows:
>
> <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>   <property name="filter" value="sAMAccountName=%u" />
>   <property name="searchBase" value="ou=Identities,dc=ExampleOrganization,dc=local" />
>   <property name="contextSource" ref="contextSource" />
>   <property name="ignorePartialResultException" value="yes" />
> </bean>
> </list>
> </property>
> </bean>
>
> <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>   <property name="urls">
>     <list>
>       <value>ldap://194.168.0.2</value> <!-- ip address of my AD machine -->
>     </list>
>   </property>
>   <property name="userDn" value="CN=Administrator,CN=Users,DC=ExampleOrganization,DC=local"/>
>   <property name="password" value="password"/>
>   <property name="baseEnvironmentProperties">
>     <map>
>       <entry>
>         <key>
>           <value>java.naming.security.authentication</value>
>         </key>
>         <value>simple</value>
>       </entry>
>     </map>
>   </property>
> </bean>
>
> Can anyone offer advice on where I am going wrong? I have followed the info
> on settings for communicating with AD and would appreciate advice from
> someone who is successfully communicating with CAS and AD just using the
> LDAP method.
>
>
> Regards
>
> Mike Jones
>
> Identity Management Systems Administrator
> IT Systems
> University of Hull
>
> Tel: 01482 465549
> Email: [email protected]
>
>
>
> --
> You are currently subscribed to [email protected] as: [email protected]
>
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
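The search-then-bind flow that CAS's BindLdapAuthenticationHandler performs, written as an added diagnostic example (not code from the thread or from CAS): a constructed in-memory directory shaped like the LDIF above shows that a filter of `sAMAccountName=%u` finds nothing when the user types the value held in `cn`/`mail`, so the bind step never runs. The entry, the placeholder address and the `_password` field are constructed assumptions standing in for a real AD bind.

```python
# Added example: models the two steps CAS's bind handler takes, service-account
# search under searchBase with %u substituted, then a bind as the located DN.
import re

# Constructed entry modelled on the thread's LDIF; the address is a placeholder
# and "_password" stands in for the directory's own password check.
DIRECTORY = {
    "CN=laura.meldrum@example.local,OU=Identities,DC=ExampleOrganization,DC=local": {
        "cn": "laura.meldrum@example.local",
        "sAMAccountName": "$Z21000-CA6B2SF9KI",
        "mail": "laura.meldrum@example.local",
        "_password": "apassword",
    },
}

SEARCH_BASE = "ou=Identities,dc=ExampleOrganization,dc=local"


def search(base, filter_template, username):
    """Return the DNs under `base` whose attribute equals the typed username.
    Only the single-equality 'attr=%u' filters used in the thread are modelled."""
    m = re.fullmatch(r"(\w+)=%u", filter_template)
    if not m:
        raise ValueError("only 'attr=%u' filters are modelled")
    attr = m.group(1)
    return [dn for dn, entry in DIRECTORY.items()
            if dn.lower().endswith(base.lower()) and entry.get(attr) == username]


def bind(dn, password):
    """Simulated LDAP simple bind: succeeds only for a known DN with its password."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["_password"] == password


def authenticate(filter_template, base, username, password):
    """Mimic the handler: exactly one search hit is required, then a bind as
    that DN. Returns (ok, detail) so a failed step can be told apart from a
    bad password."""
    hits = search(base, filter_template, username)
    if len(hits) != 1:
        return False, f"search matched {len(hits)} entries, expected 1"
    if not bind(hits[0], password):
        return False, "bind as located DN rejected"
    return True, hits[0]
```

Running the same credentials through `sAMAccountName=%u` and `cn=%u` makes the failing step visible before touching a live directory.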
