Thanks for that. Have made that change but still getting login
credentials invalid, which is also being generated in AD log.

 

Regards

Mike Jones

Identity Management Systems Administrator
IT Systems
University of Hull

Tel: 01482 465549
Email: [email protected]

 

From: Scott Battaglia [mailto:[email protected]] 
Sent: 22 May 2009 14:28
To: [email protected]
Subject: Re: [cas-user] Problem authenticating with CAS to Active Directory

 

On Fri, May 22, 2009 at 9:25 AM, Andrew Feller <[email protected]> wrote:

<snip />

1.      Try "userName" instead of "userDn" on the contextsource

In newer versions of Spring LDAP, userDn should be fine (I think
userName is deprecated).

Cheers,
Scott

        
        Hope something comes together for you but honestly we switched
        from using LDAP for AD to Kerberos, which I think is what AD
        typically prefers.  Anyhow try it and see what happens.
        
        Cheers,
        A
        -- 
        Andrew Feller, Analyst
        LSU University Information Services
        200 Frey Computing Services Center
        Baton Rouge, LA 70803
        Office: 225.578.3737
        Fax: 225.578.6400

        
        
        
        
        
        On 5/22/09 8:06 AM, "Michael A Jones" <[email protected]> wrote:

                Hi there,
                 
                I am having communication problems with my Active
                Directory and CAS. My AD machine is called idm-dc1 and my
                domain is ExampleOrganization.local. At present, when I try
                to log in to CAS I am getting an error message from CAS
                saying "The credentials you provided cannot be determined
                to be authentic".
                I am logging in as one of my users as below and their
                account details in AD are included for reference. My users
                are held in an ou called Identities:
                 
                [email protected]
                Password=apassword
                 
                Ldif for this user in AD:
                 
                dn: [email protected],OU=Identities,DC=ExampleOrganization,DC=local
                changetype: add
                objectClass: top
                objectClass: person
                objectClass: organizationalPerson
                objectClass: user
                cn: [email protected]
                sn: MELDRUM
                title: MS
                givenName: LAURA
                distinguishedName: [email protected],OU=Identities,DC=ExampleOrganization,DC=local
                instanceType: 4
                whenCreated: 20090508082512.0Z
                whenChanged: 20090508082512.0Z
                uSNCreated: 15381
                uSNChanged: 15394
                name: [email protected]
                objectGUID:: z0FREwjkVkiMPl67khJCYQ==
                userAccountControl: 512
                badPwdCount: 0
                codePage: 0
                countryCode: 0
                badPasswordTime: 0
                lastLogoff: 0
                lastLogon: 0
                pwdLastSet: 128862447125126250
                primaryGroupID: 513
                objectSid:: ZHUAAAAAAAUVAAAAtGO
                accountExpires: 9223372036854775807
                logonCount: 0
                sAMAccountName: $Z21000-CA6B2SF9KI
                sAMAccountType: 805306368
                objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ExampleOrganization,DC=local
                mail: [email protected]
                 
                 
                My relevant segment of my deploycontextconfig.xml settings
                is as follows:
                 
                            <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                                <property name="filter" value="sAMAccountName=%u" />
                                <property name="searchBase" value="ou=Identities,dc=ExampleOrganization,dc=local" />
                                <property name="contextSource" ref="contextSource" />
                                <property name="ignorePartialResultException" value="yes" />
                            </bean>
                        </list>
                    </property>
                </bean>

                <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
                    <property name="urls">
                        <list>
                            <value>ldap://194.168.0.2</value> <!-- ip address of my AD machine -->
                        </list>
                    </property>
                    <property name="userDn" value="CN=Administrator,CN=Users,DC=ExampleOrganization,DC=local"/>
                    <property name="password" value="password"/>
                    <property name="baseEnvironmentProperties">
                        <map>
                            <entry>
                                <key>
                                    <value>java.naming.security.authentication</value>
                                </key>
                                <value>simple</value>
                            </entry>
                        </map>
                    </property>
                </bean>
                 
                Can anyone offer advice on where I am going wrong? I
                have followed the info on settings for communicating with
                AD and would appreciate advice off someone who is
                successfully communicating with CAS and AD just using the
                LDAP method.
                
                 
                Regards
                 
                Mike Jones
                 
                Identity Management Systems Administrator
                IT Systems
                University of Hull
                 
                Tel: 01482 465549
                Email: [email protected]
                 

         

        -- 
        
        You are currently subscribed to [email protected] as:
[email protected]
        
        
        
        
         
        To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
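
An added illustration (not code from this thread or from CAS) of the search step that a search-then-bind handler performs with the posted filter and searchBase: %u is replaced by the typed login name, the directory is searched, and only a DN that is found gets a bind attempt with the user's password. It shows that a login name equal to the entry's cn finds nothing under sAMAccountName=%u when the entry's sAMAccountName is a different value, as in the posted LDIF. Assumptions: the cn redacted on the page is replaced by the placeholder user@example.org, all function names are hypothetical, filter evaluation is reduced to a single equality match, and the RFC 4515 escaping of the login name is an addition of this example.

```python
import re

# Constructed entry modelled on the LDIF in the thread. The page redacts the
# cn/mail values, so "user@example.org" is a placeholder, not the real value.
ENTRIES = [{
    "dn": "CN=user@example.org,OU=Identities,DC=ExampleOrganization,DC=local",
    "cn": "user@example.org",
    "sAMAccountName": "$Z21000-CA6B2SF9KI",
    "mail": "user@example.org",
}]
SEARCH_BASE = "ou=Identities,dc=ExampleOrganization,dc=local"

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the login name stays a literal."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def unescape_filter_value(value):
    """Reverse the \\xx escapes, as a directory server does before comparing."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def build_filter(template, username):
    """Substitute %u in the handler's filter property with the typed login name."""
    return template.replace("%u", escape_filter_value(username))

def search_dns(ldap_filter, base=SEARCH_BASE, entries=ENTRIES):
    """Evaluate one attr=value equality filter under the search base."""
    attr, _, value = ldap_filter.partition("=")
    wanted = unescape_filter_value(value).lower()
    return [e["dn"] for e in entries
            if e["dn"].lower().endswith("," + base.lower())
            and e.get(attr, "").lower() == wanted]

def resolve_bind_dn(template, username):
    """Search step only: None means the login fails before any bind as the user."""
    hits = search_dns(build_filter(template, username))
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    for template, login in [
        ("sAMAccountName=%u", "user@example.org"),    # cn-style login, no hit
        ("sAMAccountName=%u", "$Z21000-CA6B2SF9KI"),  # matches the stored value
        ("cn=%u", "user@example.org"),                # filter on cn instead
        ("cn=%u", "*"),                               # wildcard is escaped, no hit
    ]:
        print(f"{build_filter(template, login):45} -> {resolve_bind_dn(template, login)}")
```
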

 
