Sorry... now that I've read more of the thread, I can offer more help. Funny how that works.

The err=32 means that the dn you are binding with doesn't exist. If you look, that is the uid=user,ou=X,o=Y,o=Z.

> First of all, I discovered I was being silly, using a wrong user. Only
> the Directory Manager is allowed to search ldap in my current
> configuration, so I managed to get info for "username" running this
> command:

You need

  ldapsearch -H ldap://my.ldap.server -x -Z -b ou=X,o=Y,o=Z -D "uid=user,ou=X,o=Y,o=Z" -W uid=user

to succeed. I can't tell from your e-mail if it will or not, as I don't know what ACLs you have on your ldap.

The FastBindLdapAuthenticationHandler binds to your ldap as the user, and uses the result (success/error) to judge the validity of the credentials. The ldapsearch above is a good analogue for that. Once that works, CAS auth should work (or at least progress farther). :)

Ryan

----- "Giuseppe Sollazzo" <[email protected]> wrote:

> > The ldapsearch tool (provided by ldap-utils package on Debian) is
> > invaluable for diagnosing LDAP bind problems. Execute the following
> > command which attempts to bind as the user above:
> >
> > ldapsearch -H ldap://your.ldap.host -x -Z -b ou=X,o=Y,o=Z -D
> > uid=username,ou=X,o=Y,o=Z -W uid=user
> >
> > Omit the -Z argument if you use an ldaps URL (SSL) to talk to your
> > LDAP host.
>
> Hi Marvin,
> your help is being amazingly invaluable!
>
> First of all, I discovered I was being silly, using a wrong user. Only
> the Directory Manager is allowed to search ldap in my current
> configuration, so I managed to get info for "username" running this
> command:
>
> ldapsearch -H ldap://my.ldap.server -x -Z -b ou=X,o=Y,o=Z -D
> "cn=Directory Manager" -W uid=user
>
> So I adapted the deployerConfigContext.xml accordingly:
>
> <bean id="contextSource"
>       class="org.springframework.ldap.core.support.LdapContextSource">
>   <property name="pooled" value="true"/>
>   <property name="urls">
>     <list>
>       <value>ldap://my.ldap.server</value>
>     </list>
>   </property>
>   <property name="userDn" value="cn=Directory Manager"/>
>   <property name="password" value="HISPASSWORD"/>
>   <property name="baseEnvironmentProperties">
>     <map>
>       <entry key="java.naming.security.authentication" value="simple" />
>     </map>
>   </property>
> </bean>
>
> and
>
> <bean id="authenticationManager"
>       class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>   [...]
>   <property name="authenticationHandlers">
>     <list>
>       <bean
>         class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>         p:httpClient-ref="httpClient" />
>       <bean
>         class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
>         <!-- [I also tried with username=%u, as it's called in our ldap] -->
>         <property name="filter" value="uid=%u,ou=X,o=Y,o=Z" />
>         <property name="contextSource" ref="contextSource" />
>       </bean>
>     </list>
>   </property>
>   [...]
> </bean>
>
> The result when I try to authenticate with username "user" is always
> as follows:
>
> [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - BIND
> dn="username=user,ou=people,o=sghms.ac.uk,o=sghms.ac.uk" method=128
> version=3
> [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - RESULT err=32
> tag=97 nentries=0 etime=0
>
> (or uid=... in place of username)
>
> I'm wondering if I'm getting something wrong elsewhere in the
> deployerConfigContext.xml?
>
> Thanks again for your help,
> Giuseppe
>
> --
> Giuseppe Sollazzo
> Systems Developer / Administrator
>
> Computing Services
> St. George's, University of London
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user

--
Ryan Fox
The University of Findlay
1000 N Main St - Findlay, OH 45840
419-434-4348
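The fast-bind check Ryan describes (bind as the constructed user DN, judge by the bind result) and the err=32 line in the directory log, as an added example that is not part of this thread or of CAS: it substitutes the username into the "uid=%u,ou=X,o=Y,o=Z" template, BER-encodes the simple BindRequest, and reads the resultCode from a BindResponse. The template, username and response bytes are constructed for illustration, and these bytes would only ever travel inside a TLS-protected session, as ldapsearch -Z does.

```python
# Added example, not code from CAS or the thread's authors. It models what the
# FastBindLdapAuthenticationHandler does on the wire for the template
# "uid=%u,ou=X,o=Y,o=Z": substitute the username into the DN, BER-encode a
# simple BindRequest, and read the resultCode from the BindResponse. The
# sample response bytes at the bottom are constructed, not captured.

def tlv(tag, payload):
    n = len(payload)  # BER length: short form below 128, two-byte long form otherwise
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x82, n >> 8, n & 0xFF])) + payload

def escape_rdn_value(value):
    # RFC 4514 escaping so a username cannot add or alter RDNs in the template
    last = len(value) - 1
    return ''.join('\\' + ch if ch in ',+"\\<>;' or (i == 0 and ch in '# ') or (i == last and ch == ' ')
                   else ch for i, ch in enumerate(value))

def user_dn(template, username):
    return template.replace('%u', escape_rdn_value(username))

def bind_request(msg_id, dn, password):
    # LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] password } }
    op = tlv(0x02, bytes([3])) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n, length = length & 0x7F, 0
        for _ in range(n):
            length, pos = (length << 8) | buf[pos], pos + 1
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data):
    # LDAPMessage { messageID, BindResponse [APPLICATION 1] { resultCode, matchedDN, diagnosticMessage } }
    _, msg, _ = read_tlv(data, 0)
    _, msg_id, pos = read_tlv(msg, 0)
    tag, resp, _ = read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, code, _ = read_tlv(resp, 0)
    return int.from_bytes(msg_id, 'big'), int.from_bytes(code, 'big')

def diagnose(code):
    # what the bind result says about the DN the handler built
    return {0: "success: DN exists and the password is correct",
            32: "noSuchObject: the bind DN does not exist; check the filter template and base",
            49: "invalidCredentials: the DN exists but the password is wrong"}.get(code, "result %d" % code)

# constructed BindResponse: messageID 1, resultCode 32, empty matchedDN and diagnosticMessage
SAMPLE_ERR32 = tlv(0x30, tlv(0x02, b'\x01') + tlv(0x61, tlv(0x0a, b'\x20') + tlv(0x04, b'') + tlv(0x04, b'')))
```

Feeding a BindResponse captured from the directory (or the constructed SAMPLE_ERR32) to parse_bind_response and diagnose separates "the DN does not exist" (32) from "wrong password" (49), which is the distinction the log line above is making.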
