Re: [cas-user] CAS and Active directory.

[Antony MARTINEAU]

Thanks could you show me your config.properties ??
have you modified anything else?
deployercConfigcontext.xml is modified buy cas-toolbox?

Antony MARTINEAU  Service informatique Technicien Informatique LIPPI Management	La Fouillouse 16440 Mouthiers sur Boeme Tel.: 0545673435 Fax: 0545673435 Courriel: antony.martin...@lippi.fr http://www.lippi.fr

-----Johan Reinalda <jo...@global.thunderbird.edu> wrote: -----

To: cas-user@lists.jasig.org
From: Johan Reinalda <jo...@global.thunderbird.edu>
Date: 23/09/2009 17:52
Subject: Re: [cas-user] CAS and Active directory.

Antony,

 

I've attached is a functional deployerConfigContext.xml for an AD fastbind setup.

I've removed our school specific data. Here is scoop:

 

- The AD name is   ad.yourschool.edu

- There are 3 domain controllers configured,  ldap1/2/3.ad.yourschool.edu

- User accounts for CAS are stored below  WEB.ad.yourschool.edu

- The user binding to search the AD ldap tree to find the login user is  cas.AppAccount.ad.yourschool.edu

- there is some addtional config to read a couple of AD attributes and returns them to the CAS user object.

 

You can also bind to AD Ldap with SSL, install a proper certificate and the DC's you use, and then change ldap:// to ldaps:// (See more at MS KB 321051)

 

I hope this helps,

Good luck!

 

Johan

 

----- Original Message -----

From: Antony MARTINEAU

To: cas-user@lists.jasig.org

Sent: Wednesday, September 23, 2009 8:02 AM

Subject: [cas-user] CAS and Active directory.

Hello,
there is a long time i try to connect CAS whith my active directory.

For it, i use cas-toolbox, i have follow this method, because this is the only permit cas to start whith ldap.

my config.properties:

# Ldap properties
ldap.host.1=ldap://192.168.1.211
ldap.basedn=uid...@mouthiers.priv
#ldap.Users.basedn=ou=Users,dc=mouthiers,dc=priv
#ldap.users.filter...@mouthiers.priv

# file authenticate layer
passfile.encode-algo=MD5
passfile.location=classpath:/../usersFile
log.dir=${catalina.home}/logs

#cas host
cas.host=localhost
# cas uri (empty if /)
cas.uri=
# cas port empty (if standard)
cas.port=:8080

#User allow to use services manager (services/manage.html)
security.useradmin=admin

# graphic theme
theme=default
views=default

# auth layer to use
# see build.properties to view all
cas.authHandlers=ldapHandler



my build.properties

#deploy dir
deploy.path=/srv/www/tomcat5/base/webapps/cas

#configuration file to use
config.file=${basedir}/config.properties
#config.file=${basedir}/resources/quickstart/quickstart.properties

#use maven dependency offline
#must run on time inline
maven.offline=true

#SVN part to get other update
svnant.update.url="">
svnant.repository.user=
svnant.repository.passwd=
svnant.update.path=${basedir}/update.esup
svnant.update.version=HEAD

# do not change after this line
#package configuration
package.name=cas-toolbox
package.version=1
package.build.path=${build.path}/package

#quickstart configruation
#config.file=${basedir}/resources/quickstart/quickstart.properties
quickstart.name=cas-quickstart
quickstart.version=1
quickstart.build.path=${build.path}/quickstart
quickstart.ressource.path=${resources.path}/quickstart

#maven properties
maven.ant.task.version=2.0.9
maven.local.dir=maven-repository
maven.local.repository=${basedir}/build/${maven.local.dir}
maven.package.name=cas-maven-repository
maven.proxy.host=
maven.proxy.port=8080
maven.proxy.username=
maven.proxy.password=

update.path=${basedir}/update
#${basedir}/update.esup
#${basedir}/update.stats
#${basedir}/update.memcache
custom.path=${basedir}/custom
build.path=${basedir}/build
resources.path=${basedir}/resources

cas.build.path=${build.path}/cas
cas.update.webpage.path=${update.path}/webpages
cas.custom.webpage.path=${custom.path}/webpages
cas.update.source.path=${update.path}/source
cas.custom.source.path=${custom.path}/source

quickstart.build.path=${build.path}/quickstart
quickstart.ressource.path=${resources.path}/quickstart

simpleTestHandler.name=
simpleTestHandler.conf=simpletest-auth.xml
~


After a ant ini   and a ant deploy cas start whith no problem.
But the authentification does not work.

2009-09-23 16:51:14,180 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: [username: vme].

Could you help me please, to connect CAS whith my active directory...

Cordialement,

Antony MARTINEAU Service informatique Technicien Informatique LIPPI Management	La Fouillouse 16440 Mouthiers sur Boeme Tel.: 0545673435 Fax: 0545673435 Courriel: antony.martin...@lippi.fr http://www.lippi.fr

Ce message et toutes les pieces jointes sont etablis a l'attention exclusive de ses destinataires et sont strictement confidentiels. Pour en savoir plus cliquer ici

This message and any attachments are confidential to the ordinary user of the e-mail address to which it was addressed and may also be privileged. More information

--
You are currently subscribed to cas-user@lists.jasig.org as: jo...@global.thunderbird.edu
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

--
You are currently subscribed to cas-user@lists.jasig.org as: antony.martin...@lippi.fr
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

[attachment "deployerConfigContext.xml" removed by Antony MARTINEAU/INFORMATIQUE/LIPPI]

Ce message et toutes les pieces jointes sont etablis a l'attention exclusive de ses destinataires et sont strictement confidentiels. Pour en savoir plus cliquer ici
This message and any attachments are confidential to the ordinary user of the e-mail address to which it was addressed and may also be privileged. More information

-- 
You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user