Removed <property name="pooled" value="true"/>. Now only the new passwords work, thanks.

Now I'd like to know why it worked and why you'd want pooling to ever be set? Also, any idea why it doesn't like my admin user?

From: Scott Battaglia [mailto:[email protected]]
Sent: Sunday, June 28, 2009 9:55 PM
To: [email protected]
Subject: Re: [cas-user] Password changes ignored by CAS

Did you try disabling pooling and see if that clears up your password issue?

Cheers,
Scott

On Sun, Jun 28, 2009 at 6:54 PM, Chris Kantzer <[email protected]> wrote:

Hi,

We're using CAS to provide SSO for JBoss Portal using OpenDS as the LDAP. I've set up CAS to use OpenDS for authentication as shown below:

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="pooled" value="true"/>
  <property name="urls">
    <list>
      <value>ldap://hostname:port</value>
    </list>
  </property>
  <property name="userDn" value="user"/>
  <property name="password" value="password"/>
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key>
          <value>java.naming.security.authentication</value>
        </key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>

<property name="authenticationHandlers">
  ...
  <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
    <property name="filter" value="cn=%u" />
    <property name="searchBase" value="dc=xx,dc=com" />
    <property name="contextSource" ref="contextSource" />
  </bean>
  ...
</property>

I am able to authenticate using the users in the ldap at the CAS login page, but I'm getting some strange behavior with passwords. If I change a password for a user I am able to authenticate through the CAS login page with EITHER the old or new password. When using an ldap browser the old password immediately does not work. I can wipe the cookies/session and the old password still works through the CAS login. The only way I can force the old password to stop working through the CAS login is by restarting the ldap server.

Admittedly I am new to CAS, so I'm probably missing something key here.
But I'm assuming that changes to the ldap tree should take effect pretty quickly on the CAS side.

Another strange (and possibly related) issue is that the CAS login says my 'admin' user is invalid even though I verified the 'admin' user exists and works through my ldap browser. All other users are able to be authenticated at the CAS login just fine.

Any help would be appreciated. Please let me know if I need to post more information.

Thanks.

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
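
An added model, not part of the thread and not CAS, Spring LDAP or JNDI code: it reproduces the symptoms reported above (old password accepted after a change, rejected again once the LDAP server restarts, fixed by turning pooling off) under the assumption that the pool keys connections on bind DN and password and skips the server bind on a pool hit. The `Directory` and `ContextSource` classes and the sample DN are hypothetical stand-ins.

```python
# Simplified model (constructed; not JNDI, Spring LDAP or CAS code).
class Directory:
    """Stands in for the LDAP server (OpenDS in the thread)."""
    def __init__(self):
        self.passwords = {}   # dn -> current password
        self.epoch = 0        # bumped on restart; older connections are dead

    def bind(self, dn, password):
        if self.passwords.get(dn) != password:
            raise PermissionError("invalid credentials")
        return {"dn": dn, "epoch": self.epoch}   # an authenticated connection

class ContextSource:
    """Hypothetical context source with a 'pooled' switch."""
    def __init__(self, directory, pooled):
        self.directory = directory
        self.pooled = pooled
        self._pool = {}       # assumption: key is (dn, password)

    def get_context(self, dn, password):
        if not self.pooled:
            return self.directory.bind(dn, password)  # server checks each login
        conn = self._pool.get((dn, password))
        if conn is None or conn["epoch"] != self.directory.epoch:
            conn = self.directory.bind(dn, password)  # bind only on a pool miss
            self._pool[(dn, password)] = conn
        return conn           # pool hit: the server is never asked again

def authenticate(source, dn, password):
    """Bind-style check: success means a context could be obtained."""
    try:
        source.get_context(dn, password)
        return True
    except PermissionError:
        return False

def scenario(pooled):
    """Login, change password, retry old and new, restart server, retry old."""
    d = Directory()
    dn = "cn=jdoe,dc=xx,dc=com"   # constructed sample entry
    d.passwords[dn] = "old"
    src = ContextSource(d, pooled)
    results = [authenticate(src, dn, "old")]
    d.passwords[dn] = "new"       # password change made in the directory
    results += [authenticate(src, dn, "old"), authenticate(src, dn, "new")]
    d.epoch += 1                  # LDAP server restart drops live connections
    results.append(authenticate(src, dn, "old"))
    return results
```

With pooling on, the second entry of the result (old password after the change) is accepted; with pooling off it is rejected, because every login reaches the directory.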
