Just a note that you can simplify your configuration and apply the "attributeRepository" directly to the UsernamePasswordCredentialsToPrincipalResolver. You usually only use the CredentialsToLdapAttributePrincipalResolver to map the username provided to something else.
That said I don't see anything crazy off the top of my head, but I'll double check my AD config at home.

Cheers,
Scott

On Tue, Jun 16, 2009 at 3:59 PM, Winter, James <[email protected]> wrote:
> Inside of credentialsToPrincipalResolvers:
>
> <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>     <property name="credentialsToPrincipalResolver">
>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>     </property>
>     <property name="filter" value="(sAMAccountName=%u)" />
>     <property name="principalAttributeName" value="Name" />
>     <property name="searchBase" value="CN=Users,DC=school,DC=edu" />
>     <property name="contextSource" ref="contextSource" />
>     <property name="attributeRepository">
>         <ref bean="attributeRepository" />
>     </property>
> </bean>
>
> And the attributeRepository:
>
> <bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>     <property name="baseDN" value="cn=Users,dc=school,dc=edu" />
>     <property name="query" value="(samAccountName={0})" />
>     <property name="contextSource" ref="contextSource" />
>     <property name="ldapAttributesToPortalAttributes">
>         <map>
>             <entry key="samAccountName" value="Name" />
>             <entry value="mail" key="EmailAddress" />
>         </map>
>     </property>
> </bean>
>
> This is the contextSource:
>
> <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
>     <property name="urls">
>         <list>
>             <value>ldap://server.school.edu</value>
>         </list>
>     </property>
>     <property name="userDn" value="{full DN for user}"/>
>     <property name="password" value="{password}"/>
>     <property name="baseEnvironmentProperties">
>         <map>
>             <entry>
>                 <key>
>                     <value>java.naming.security.authentication</value>
>                 </key>
>                 <value>simple</value>
>             </entry>
>         </map>
>     </property>
> </bean>
>
> *James Winter*
> 215.517.2588
>
> *From:* Scott Battaglia [mailto:[email protected]]
> *Sent:* Tuesday, June 16, 2009 3:41 PM
> *To:* [email protected]
> *Subject:* Re: [cas-user] CAS and Active Directory
>
> Can you post your config minus the password and any other incriminating evidence? Also, does the binding user have permission to see the attributes you're trying to retrieve?
>
> Cheers,
> Scott
>
> On Tue, Jun 16, 2009 at 3:40 PM, Winter, James <[email protected]> wrote:
>
> I am using the same contextSource, yes.
>
> *James Winter*
> 215.517.2588
>
> *From:* Scott Battaglia [mailto:[email protected]]
> *Sent:* Tuesday, June 16, 2009 3:37 PM
> *To:* [email protected]
> *Subject:* Re: [cas-user] CAS and Active Directory
>
> According to my quick google search, that usually means an error in the username provided to bind. Are you using the same LdapContextSource for the bind authentication handler AND the attribute stuff?
>
> Cheers,
> Scott
>
> On Tue, Jun 16, 2009 at 3:18 PM, James Winter <[email protected]> wrote:
>
> I always get this error:
>
> org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525
>
> But again, the authentication itself works correctly, just not any of the attributes. I think I just need an example deployerConfigContext to get me started. I cobbled together some examples, but I didn't get very far.
-- 
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
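Added example, not part of the original thread or of CAS: a small Python helper that decodes the `data` sub-code in an Active Directory bind failure such as the error 49 message quoted above, where `525` corresponds to the bind user not being found. The function name, the sub-code table and the sample string (the thread's message, re-wrapped as mail quoting would leave it) are constructed for illustration.

```python
import re

# AD reports the reason for an LDAP error 49 (invalidCredentials) bind
# failure as a hexadecimal Win32 error in the "data" field.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_BIND_ERROR = re.compile(
    r"LDAP: error code (?P<code>\d+)\s*-\s*[0-9A-Fa-f]{8}:\s*LdapErr:\s*"
    r"(?P<dsid>DSID-[0-9A-Fa-f]+),\s*comment:\s*(?P<comment>[^,]+),\s*"
    r"data\s+(?P<data>[0-9A-Fa-f]+)"
)

def explain_ad_bind_error(message):
    """Return a dict describing an AD bind failure, or None if no match."""
    # Logs and quoted mail wrap the message; drop quote markers, join lines.
    unquoted = re.sub(r"^\s*(?:>\s*)+", "", message, flags=re.MULTILINE)
    flat = " ".join(unquoted.split())
    m = _BIND_ERROR.search(flat)
    if m is None:
        return None
    data = m.group("data").lower()
    return {
        "ldap_code": int(m.group("code")),
        "dsid": m.group("dsid"),
        "comment": m.group("comment").strip(),
        "data": data,
        "win32_error": int(data, 16),
        "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
    }

# Constructed sample: the thread's error text, wrapped and quoted.
SAMPLE = """org.springframework.ldap.AuthenticationException: [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data
> 525"""

if __name__ == "__main__":
    print(explain_ad_bind_error(SAMPLE))
```

A `525` on the attribute lookup while authentication succeeds points at the account in `userDn` used for the search bind, not at the end user's credentials.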
