Michael: I'll send another mail to this post when I've had some more time to digest your configuration but I wanted to ask if you are using a service account? I had to use a service account first, and then the authentication (separate credentials) were authenticated.
David

On Fri, May 22, 2009 at 9:06 AM, Michael A Jones <[email protected]> wrote:
> Hi there,
>
> I am having communication problems with my Active Directory and CAS. My AD
> machine is called idm-dc1 and my domain is ExampleOrganization.local. At
> present, when I try to login to CAS I am getting an error message from CAS
> saying “The credentials you provided cannot be determined to be authentic”.
>
> I am logging in as one of my users as below and their account details in AD
> are included for reference. My users are held in an ou called Identities:
>
> [email protected]
> Password=apassword
>
> Ldif for this user in AD:
>
> dn: [email protected],OU=Identities,DC=ExampleOrganization,DC=local
> changetype: add
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: [email protected]
> sn: MELDRUM
> title: MS
> givenName: LAURA
> distinguishedName: [email protected],OU=Identities,DC=ExampleOrganization,DC=local
> instanceType: 4
> whenCreated: 20090508082512.0Z
> whenChanged: 20090508082512.0Z
> uSNCreated: 15381
> uSNChanged: 15394
> name: [email protected]
> objectGUID:: z0FREwjkVkiMPl67khJCYQ==
> userAccountControl: 512
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> pwdLastSet: 128862447125126250
> primaryGroupID: 513
> objectSid:: ZHUAAAAAAAUVAAAAtGO
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: $Z21000-CA6B2SF9KI
> sAMAccountType: 805306368
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ExampleOrganization,DC=local
> mail: [email protected]
>
> My relevant segment of my deploycontextconfig.xml settings is as follows:
>
> <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>   <property name="filter" value="sAMAccountName=%u" />
>   <property name="searchBase" value="ou=Identities,dc=ExampleOrganization,dc=local" />
>   <property name="contextSource" ref="contextSource" />
>   <property name="ignorePartialResultException" value="yes" />
> </bean>
> </list>
> </property>
> </bean>
>
> <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>   <property name="urls">
>     <list>
>       <value>ldap://194.168.0.2</value> <!-- ip address of my AD machine -->
>     </list>
>   </property>
>   <property name="userDn" value="CN=Administrator,CN=Users,DC=ExampleOrganization,DC=local"/>
>   <property name="password" value="password"/>
>   <property name="baseEnvironmentProperties">
>     <map>
>       <entry>
>         <key>
>           <value>java.naming.security.authentication</value>
>         </key>
>         <value>simple</value>
>       </entry>
>     </map>
>   </property>
> </bean>
>
> Can anyone offer advice on where I am going wrong? I have followed the info
> on settings for communicating with AD and would appreciate advice off
> someone who is successfully communicating with CAS and AD just using the
> LDAP method.
>
> Regards
>
> Mike Jones
>
> Identity Management Systems Administrator
> IT Systems
> University of Hull
>
> Tel: 01482 465549
> Email: [email protected]
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> *****************************************************************************************
> To view the terms under which this email is distributed, please go to
> http://www.hull.ac.uk/legal/email_disclaimer.html
> *****************************************************************************************

--
David L. Whitehurst
http://www.capehenrytech.com
… Providing software instruction through a sea of Technology.
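The filter and LDIF entry from the quoted message, modelled as an added example (not code from the thread or from CAS): a search-then-bind handler first uses the service account to find an entry matching the filter with `%u` replaced by the typed username, and only a DN found that way is then bound with the user's password. The `cn` and `mail` values are constructed placeholders because the archive redacts them, and `parse_entry` and `search_step` are hypothetical helper names.

```python
# Added illustration, not CAS code: models only the search step that a
# search-then-bind LDAP handler runs (as the service account) before it
# attempts the user's own bind.

# Constructed stand-in for the entry in the post. The cn and mail values are
# placeholders (redacted in the archive); sAMAccountName is as posted.
ENTRY_LDIF = """\
dn: CN=user@example.invalid,OU=Identities,DC=ExampleOrganization,DC=local
cn: user@example.invalid
sAMAccountName: $Z21000-CA6B2SF9KI
mail: user@example.invalid
"""
SEARCH_BASE = "ou=Identities,dc=ExampleOrganization,dc=local"  # as posted


def parse_entry(ldif):
    """Parse plain 'attr: value' LDIF lines into {lowercased attr: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def search_step(filter_template, username, entry):
    """Return the entry's DN if 'attr=%u' matches it under SEARCH_BASE, else None.

    None means the handler has no DN to bind as, so the login fails before
    the password is ever checked.
    """
    attr, _, pattern = filter_template.partition("=")
    wanted = pattern.replace("%u", username).lower()
    dn = entry["dn"][0]
    in_scope = dn.lower().endswith("," + SEARCH_BASE.lower())
    # AD matches these string attributes case-insensitively.
    values = [v.lower() for v in entry.get(attr.strip().lower(), [])]
    return dn if in_scope and wanted in values else None


if __name__ == "__main__":
    entry = parse_entry(ENTRY_LDIF)
    for template, typed in [("sAMAccountName=%u", "user@example.invalid"),
                            ("sAMAccountName=%u", "$Z21000-CA6B2SF9KI"),
                            ("mail=%u", "user@example.invalid")]:
        print(template, typed, "->", search_step(template, typed, entry))
```

Against a live directory the same check is a search as the service account with the substituted filter; an empty result there points at the filter or search base rather than at the user's password.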
