Did you try disabling pooling and see if that clears up your password issue?
Cheers,
Scott

On Sun, Jun 28, 2009 at 6:54 PM, Chris Kantzer <[email protected]> wrote:
> Hi,
> We're using CAS to provide SSO for JBoss Portal using OpenDS as the LDAP.
>
> I've set up CAS to use OpenDS for authentication as shown below:
>
> <bean id="contextSource"
>       class="org.springframework.ldap.core.support.LdapContextSource">
>   <property name="pooled" value="true"/>
>   <property name="urls">
>     <list>
>       <value>ldap://hostname:port</value>
>     </list>
>   </property>
>   <property name="userDn" value="user"/>
>   <property name="password" value="password"/>
>   <property name="baseEnvironmentProperties">
>     <map>
>       <entry>
>         <key>
>           <value>java.naming.security.authentication</value>
>         </key>
>         <value>simple</value>
>       </entry>
>     </map>
>   </property>
> </bean>
>
> <property name="authenticationHandlers">
>   ...
>   <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>     <property name="filter" value="cn=%u" />
>     <property name="searchBase" value="dc=xx,dc=com" />
>     <property name="contextSource" ref="contextSource" />
>   </bean>
>   ...
> </property>
>
> I am able to authenticate using the users in the ldap at the CAS login
> page, but I'm getting some strange behavior with passwords.
>
> If I change a password for a user I am able to authenticate through the CAS
> login page with EITHER the old or new password. When using an ldap browser
> the old password immediately does not work. I can wipe the cookies/session
> and the old password still works through the CAS login. The only way I can
> force the old password to stop working through the CAS login is by
> restarting the ldap server.
>
> Admittedly I am new to CAS, so I'm probably missing something key here.
> But I'm assuming that changes to the ldap tree should take effect pretty
> quickly on the CAS side.
>
> Another strange (and possibly related) issue is that the CAS login says my
> 'admin' user is invalid even though I verified the 'admin' user exists and
> works through my ldap browser. All other users are able to be authenticated
> at the CAS login just fine.
>
> Any help would be appreciated. Please let me know if I need to post more
> information. Thanks.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
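
Added example (not part of the original thread, and not CAS, Spring LDAP or OpenDS code): a small Python model of how a bind pool keyed on DN and password would produce the symptoms reported above, which is the cause Scott's question points at. ToyDirectory, BindAuthenticator, replay and the cn=jdoe account are constructed for illustration; that the pool hands back an already-bound connection without re-binding is the model's assumption.

```python
# Constructed model: a toy directory and a bind pool keyed by (dn, password).
class ToyDirectory:
    """Stands in for the LDAP server (hypothetical, not OpenDS code)."""
    def __init__(self, users):
        self.users = dict(users)
        self.generation = 0  # bumped on restart; older connections are dead

    def bind(self, dn, password):
        if self.users.get(dn) != password:
            raise PermissionError("invalid credentials")
        return {"dn": dn, "generation": self.generation}

    def restart(self):
        self.generation += 1

class BindAuthenticator:
    """Authenticates by binding as the user, optionally through a pool."""
    def __init__(self, directory, pooled):
        self.directory, self.pooled = directory, pooled
        self._pool = {}  # (dn, password) -> connection that already bound

    def authenticate(self, dn, password):
        conn = self._pool.get((dn, password)) if self.pooled else None
        if conn is not None and conn["generation"] == self.directory.generation:
            return True  # reused connection: the password is not re-checked
        try:
            conn = self.directory.bind(dn, password)
        except PermissionError:
            return False
        if self.pooled:
            self._pool[(dn, password)] = conn
        return True

def replay(pooled):
    """Replays the reported sequence; returns (old_ok, new_ok, old_ok_after_restart)."""
    directory = ToyDirectory({"cn=jdoe": "old-pw"})
    auth = BindAuthenticator(directory, pooled)
    auth.authenticate("cn=jdoe", "old-pw")     # login before the change
    directory.users["cn=jdoe"] = "new-pw"      # password changed in the directory
    old_ok = auth.authenticate("cn=jdoe", "old-pw")
    new_ok = auth.authenticate("cn=jdoe", "new-pw")
    directory.restart()                        # drops every pooled connection
    return old_ok, new_ok, auth.authenticate("cn=jdoe", "old-pw")
```

Calling replay(True) reproduces the report (old and new password both accepted until the directory restarts), while replay(False) rejects the old password as soon as it is changed.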
