Re: [cas-user] CAS + Multiple BindLdapAuthenticationHandler

Thu, 06 May 2010 15:40:44 -0700 

Scott Battaglia escribió:
> You can have as many of the same type of handler as you want.  They are
> attempted in the order in which they are configured.

Scott, Eric and Dean:

I'm trying to define two beans for BindLdapAuthenticationHandler but the
expected behaviour (falling back to the second bean) is not working for
me, these are my beans in deployerConfigContext.xml:

<bean id="alpha"
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
        <property name="filter" value="uid=%u" />
        <property name="searchBase" value="dc=alpha,dc=com" />
        <property name="contextSource" ref="contextSource" />
</bean>

<bean id="beta"
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
        <property name="filter" value="uid=%u" />
        <property name="searchBase" value="dc=beta,dc=com" />
        <property name="contextSource" ref="contextSource" />
</bean>

those are defined inside the <property name="authenticationHandlers">
list of the <bean id="authenticationManager"
class="org.jasig.cas.authentication.AuthenticationManagerImpl">

contextSource is also configured to:

<bean id="contextSource"
class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="url" value="ldap://localhost/"; />
</bean>

If I try to login with a user from 'alpha', login succeeds, with a user
from 'beta', login does not succeed, and this gets in the log:

2010-05-06 18:30:54,734 INFO
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Search for
uid=bob returned 0 results.

2010-05-06 18:30:54,735 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to
authenticate the user which provided the following credentials: [userna
me: bob]

If I switch the two beans, then 'beta' succeeds and the other doesn't.
Am I missing something else for automatic fallback of these beans?

Note that I'm not using credentials-to-principal resolvers, maybe I need
to set them up as in Eric's example?

Thanks for your time,

-- 
José Miguel Parrella Romero (bureado.com.ve)          PGP: 0×88D4B7DF
Debian Developer                                Caracas, VE/Quito, EC

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to