Inside of credentialsToPrincipalResolvers:

<bean
    class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
  <property name="credentialsToPrincipalResolver">
    <bean
        class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
  </property>
  <property name="filter" value="(sAMAccountName=%u)" />
  <property name="principalAttributeName" value="Name" />
  <property name="searchBase" value="CN=Users,DC=school,DC=edu" />
  <property name="contextSource" ref="contextSource" />
  <property name="attributeRepository">
    <ref bean="attributeRepository" />
  </property>
</bean>

And the attributeRepository:

<bean id="attributeRepository"
    class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
  <property name="baseDN" value="cn=Users,dc=school,dc=edu" />
  <property name="query" value="(samAccountName={0})" />
  <property name="contextSource" ref="contextSource" />
  <property name="ldapAttributesToPortalAttributes">
    <map>
      <entry key="samAccountName" value="Name" />
      <entry key="EmailAddress" value="mail" />
    </map>
  </property>
</bean>

This is the contextSource:

<bean id="contextSource"
    class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="urls">
    <list>
      <value>ldap://server.school.edu</value>
    </list>
  </property>
  <property name="userDn" value="{full DN for user}"/>
  <property name="password" value="{password}"/>
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key>
          <value>java.naming.security.authentication</value>
        </key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>

James Winter
215.517.2588

From: Scott Battaglia [mailto:[email protected]]
Sent: Tuesday, June 16, 2009 3:41 PM
To: [email protected]
Subject: Re: [cas-user] CAS and Active Directory

Can you post your config minus the password and any other incriminating
evidence? Also, does the binding user have permission to see the
attributes you're trying to retrieve?

Cheers,
Scott

On Tue, Jun 16, 2009 at 3:40 PM, Winter, James <[email protected]>
wrote:

I am using the same contextSource, yes.

James Winter
215.517.2588

From: Scott Battaglia [mailto:[email protected]]
Sent: Tuesday, June 16, 2009 3:37 PM
To: [email protected]
Subject: Re: [cas-user] CAS and Active Directory

According to my quick Google search, that usually means an error in the
username provided to bind. Are you using the same LdapContextSource for
the bind authentication handler AND the attribute stuff?

Cheers,
Scott

On Tue, Jun 16, 2009 at 3:18 PM, James Winter <[email protected]>
wrote:

I always get this error:

org.springframework.ldap.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error,
data 525

But again, the authentication itself works correctly, just not any of
the attributes. I think I just need an example deployerConfigContext to
get me started. I cobbled together some examples, but I didn't get very
far.
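
Added example, not part of the original thread and not CAS or Spring LDAP code: a small triage script that pulls the Active Directory sub-code (the "data" field) out of LDAP error 49 bind failures like the one quoted above, even when the message is wrapped across lines. The function names, the category labels, and the second and third sample entries are constructed for illustration.

```python
import re
from collections import Counter

# AD sub-codes reported in the "data" field of an LDAP result code 49 (bind failed).
# The third column is a triage grouping added for this example.
AD_BIND_SUBCODES = {
    "525": ("user not found", "identity"),
    "52e": ("invalid credentials", "credential"),
    "530": ("not permitted to log on at this time", "account-state"),
    "531": ("not permitted to log on at this workstation", "account-state"),
    "532": ("password expired", "account-state"),
    "533": ("account disabled", "account-state"),
    "701": ("account expired", "account-state"),
    "773": ("user must reset password", "account-state"),
    "775": ("account locked out", "account-state"),
}

# DOTALL lets one match span the line wraps that mailers and loggers insert.
_BIND_ERR = re.compile(
    r"error\s+code\s+49\b.*?AcceptSecurityContext\s+error,\s*data\s+([0-9a-fA-F]+)",
    re.DOTALL,
)

# First entry is the error from the thread; the other two are constructed.
SAMPLE_LOG = """\
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error,
data 525
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e]
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775]
"""

def classify_bind_failures(log_text):
    """Return (subcode, meaning, category) for each AD bind failure found."""
    results = []
    for match in _BIND_ERR.finditer(log_text):
        code = match.group(1).lower()
        meaning, category = AD_BIND_SUBCODES.get(code, ("unknown sub-code", "unknown"))
        results.append((code, meaning, category))
    return results

def summarize(log_text):
    """Count failures per triage category."""
    return Counter(category for _, _, category in classify_bind_failures(log_text))

if __name__ == "__main__":
    for code, meaning, category in classify_bind_failures(SAMPLE_LOG):
        print(f"data {code}: {meaning} [{category}]")
```
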
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user