Thanks for that. Have made that change but still getting login
credentials invalid, which is also being generated in AD log.
Regards
Mike Jones
Identity Management Systems Administrator
IT Systems
University of Hull
Tel: 01482 465549
Email: [email protected]
From: Scott Battaglia [mailto:[email protected]]
Sent: 22 May 2009 14:28
To: [email protected]
Subject: Re: [cas-user] Problem authenticating with CAS to Active Directory
On Fri, May 22, 2009 at 9:25 AM, Andrew Feller <[email protected]> wrote:
<snip />
1. Try "userName" instead of "userDn" on the contextsource
In newer versions of Spring LDAP, userDn should be fine (I think
userName is deprecated).
Cheers,
Scott
Hope something comes together for you but honestly we switched
from using LDAP for AD to Kerberos, which I think is what AD typically
prefers. Anyhow try it and see what happens.
Cheers,
A
--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
On 5/22/09 8:06 AM, "Michael A Jones" <[email protected]> wrote:
Hi there,
I am having communication problems with my Active
Directory and CAS. My AD machine is called idm-dc1 and my domain is
ExampleOrganization.local. At present, when I try to login to CAS I am
getting an error message from CAS saying "The credentials you provided
cannot be determined to be authentic".
I am logging in as one of my users as below and their
account details in AD are included for reference. My users are held in
an ou called Identities:
[email protected]
Password=apassword
Ldif for this user in AD:
dn: [email protected],OU=Identities,DC=ExampleOrganization,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: [email protected]
sn: MELDRUM
title: MS
givenName: LAURA
distinguishedName: [email protected],OU=Identities,DC=ExampleOrganization,DC=local
instanceType: 4
whenCreated: 20090508082512.0Z
whenChanged: 20090508082512.0Z
uSNCreated: 15381
uSNChanged: 15394
name: [email protected]
objectGUID:: z0FREwjkVkiMPl67khJCYQ==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 128862447125126250
primaryGroupID: 513
objectSid:: ZHUAAAAAAAUVAAAAtGO
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: $Z21000-CA6B2SF9KI
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ExampleOrganization,DC=local
mail: [email protected]
My relevant segment of my deploycontextconfig.xml
settings is as follows:
                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <property name="filter" value="sAMAccountName=%u" />
                    <property name="searchBase" value="ou=Identities,dc=ExampleOrganization,dc=local" />
                    <property name="contextSource" ref="contextSource" />
                    <property name="ignorePartialResultException" value="yes" />
                </bean>
            </list>
        </property>
    </bean>

    <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="urls">
            <list>
                <value>ldap://194.168.0.2</value> <!-- ip address of my AD machine -->
            </list>
        </property>
        <property name="userDn" value="CN=Administrator,CN=Users,DC=ExampleOrganization,DC=local"/>
        <property name="password" value="password"/>
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key>
                        <value>java.naming.security.authentication</value>
                    </key>
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>
Can anyone offer advice on where I am going wrong? I
have followed the info on settings for communicating with AD and would
appreciate advice off someone who is successfully communicating with CAS
and AD just using the LDAP method.
Regards
Mike Jones
Identity Management Systems Administrator
IT Systems
University of Hull
Tel: 01482 465549
Email: [email protected]
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
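
Added example (not code from the thread or from CAS): an offline Python model of the search step in a search-then-bind LDAP handler, showing that the attribute named in `filter` must hold the value users type. With `sAMAccountName=%u` and an entry shaped like the LDIF above, a login equal to the `cn` or `mail` value finds no DN to bind as. The entry's DN, `cn` and `mail` values are constructed placeholders, and the helper names are hypothetical.

```python
import re

# Constructed entry modelled on the LDIF in the thread; only the
# sAMAccountName value is quoted from the page, the rest are placeholders.
ENTRY = {
    "dn": "CN=user@example.org,OU=Identities,DC=ExampleOrganization,DC=local",
    "cn": "user@example.org",
    "mail": "user@example.org",
    "samaccountname": "$Z21000-CA6B2SF9KI",
}

def escape_filter_value(value):
    """Escape filter metacharacters (RFC 4515) so the login stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, username):
    """Substitute the typed login for %u; the escaping is this example's choice."""
    return template.replace("%u", escape_filter_value(username))

def matches(filter_str, entry):
    """Evaluate one 'attr=value' equality filter, case-insensitively."""
    attr, _, value = filter_str.strip("()").partition("=")
    literal = re.sub(r"\\([0-9a-fA-F]{2})",
                     lambda m: chr(int(m.group(1), 16)), value)
    stored = entry.get(attr.strip().lower())
    return stored is not None and stored.lower() == literal.lower()

def search(template, username, entries):
    """Search step: the DNs a handler would next bind as with the user's password."""
    wanted = expand_filter(template, username)
    return [e["dn"] for e in entries if matches(wanted, e)]

def attributes_matching(username, entry):
    """Attributes whose value equals the typed login: candidates for the filter."""
    return sorted(a for a, v in entry.items()
                  if a != "dn" and v.lower() == username.lower())

if __name__ == "__main__":
    typed = "user@example.org"  # constructed login
    # An empty result means no DN was found, so no user bind is attempted.
    print(search("sAMAccountName=%u", typed, [ENTRY]))
    print(attributes_matching(typed, ENTRY))
```

Running the same comparison against the real directory with the service account shows which attribute the login value actually lives in before the filter is changed.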