> The ldapsearch tool (provided by ldap-utils package on Debian) is
> invaluable for diagnosing LDAP bind problems. Execute the following
> command which attempts to bind as the user above:
>
> ldapsearch -H ldap://your.ldap.host -x -Z -b ou=X,o=Y,o=Z -D
> uid=username,ou=X,o=Y,o=Z -W uid=user
>
> Omit the -Z argument if you use an ldaps URL (SSL) to talk to your LDAP host.
>
Hi Marvin,

your help is being amazingly invaluable!

First of all, I discovered I was being silly, using a wrong user. Only the
Directory Manager is allowed to search ldap in my current configuration, so I
managed to get info for "username" running this command:

    ldapsearch -H ldap://my.ldap.server -x -Z -b ou=X,o=Y,o=Z -D "cn=Directory Manager" -W uid=user

So I adapted the deployerConfigContext.xml accordingly:

    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
      <property name="pooled" value="true"/>
      <property name="urls">
        <list>
          <value>ldap://my.ldap.server</value>
        </list>
      </property>
      <property name="userDn" value="cn=Directory Manager"/>
      <property name="password" value="HISPASSWORD"/>
      <property name="baseEnvironmentProperties">
        <map>
          <entry key="java.naming.security.authentication" value="simple" />
        </map>
      </property>
    </bean>

and

    <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
      [...]
      <property name="authenticationHandlers">
        <list>
          <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                p:httpClient-ref="httpClient" />
          <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" >
            <property name="filter" value="uid=%u,ou=X,o=Y,o=Z" />
            <!-- [I also tried with username=%u, as it's called in our ldap] -->
            <property name="contextSource" ref="contextSource" />
          </bean>
        </list>
      </property>
      [...]
    </bean>

The result when I try to authenticate with username "user" is always as follows:

    [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - BIND dn="username=user,ou=people,o=sghms.ac.uk,o=sghms.ac.uk" method=128 version=3
    [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - RESULT err=32 tag=97 nentries=0 etime=0

(or uid=... in place of username)

I'm wondering if I'm getting something wrong elsewhere in the
deployerConfigContext.xml?

Thanks again for your help,
Giuseppe

--
Giuseppe Sollazzo
Systems Developer / Administrator
Computing Services
St. George's, University of London
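
Added example (not part of the original message, and not CAS or directory-server code): a small Python parser that pairs the BIND and RESULT access-log lines quoted above by conn/op and names the LDAP result code, so a bind DN with no entry behind it (err=32, noSuchObject) can be told apart from a rejected password (err=49, invalidCredentials). The first BIND/RESULT pair is the one from the message; the conn=374074 lines are constructed, and all function and variable names are this example's own.

```python
import re

# LDAP result codes that matter when diagnosing a bind (RFC 4511).
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}
HINTS = {
    0: "bind accepted",
    32: "no entry exists at the bind DN; check the DN template",
    49: "server rejected the credentials",
}
LINE_RE = re.compile(
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) msgId=\d+ - (?P<kind>BIND|RESULT) (?P<rest>.*)"
)
DN_RE = re.compile(r'dn="([^"]*)"')
ERR_RE = re.compile(r"\berr=(\d+)")

# conn=374073: the lines quoted in the message. conn=374074: constructed.
SAMPLE_LOG = [
    '[15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - BIND dn="username=user,ou=people,o=sghms.ac.uk,o=sghms.ac.uk" method=128 version=3',
    '[15/Oct/2009:10:43:11 +0100] conn=374074 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3',
    '[15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - RESULT err=32 tag=97 nentries=0 etime=0',
    '[15/Oct/2009:10:43:11 +0100] conn=374074 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0',
    '[15/Oct/2009:10:43:12 +0100] conn=374074 op=1 msgId=2 - SRCH base="ou=X,o=Y,o=Z" scope=2 filter="(uid=user)"',
    '[15/Oct/2009:10:43:12 +0100] conn=374074 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0',
]

def bind_outcomes(lines):
    """Pair each BIND with its RESULT by (conn, op), even when interleaved."""
    pending, outcomes = {}, []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # SRCH, UNBIND and other operations are not binds
        key = (m["conn"], m["op"])
        if m["kind"] == "BIND":
            dn = DN_RE.search(m["rest"])
            pending[key] = dn.group(1) if dn else ""
        elif key in pending:  # RESULT of a BIND; other RESULTs are ignored
            err = ERR_RE.search(m["rest"])
            if err is None:
                continue
            code = int(err.group(1))
            outcomes.append({"dn": pending.pop(key), "err": code,
                             "name": RESULT_NAMES.get(code, "other"),
                             "hint": HINTS.get(code, "see RFC 4511 result codes")})
    return outcomes

if __name__ == "__main__":
    for o in bind_outcomes(SAMPLE_LOG):
        print(f'{o["dn"]!r}: err={o["err"]} ({o["name"]}) -> {o["hint"]}')
```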
