Thank you Eric and Marvin, it works! I removed the uid on the filter value and replaced it with "sAMAccountName=%u". I have also removed the CN and OU and changed the SearchBase to DC only. The authentication works great so far. I have posted the question with a fake account and fake password. I will test the LDAPS later on my next step. Thank you guys, I appreciate the help on this one.
This is how it worked in my case:

<!-- LDAP bind Authentication Handler -->
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <property name="filter" value="sAMAccountName=%u"/>
  <property name="searchBase" value="DC=morgan,DC=edu"/>
  <property name="contextSource" ref="LDAPcontextSource"/>
  <property name="ignorePartialResultException" value="yes"/>
</bean>

On Mon, Aug 22, 2011 at 9:50 AM, Marvin Addison <[email protected]> wrote:
>> <bean id="LDAPcontextSource"
>> class="org.springframework.ldap.core.support.LdapContextSource">
>> <property name="pooled" value="false"/>
>> <property name="urls">
>> <list>
>> <value>ldap://ldap.morgan.edu:389</value>
>> </list>
>> </property>
>> <property name="userDn"
>> value="cn=joecas,OU=ServiceAccounts,DC=morgan,DC=edu"/>
>> <property name="password" value="Bind)(*&"/>
>
> That looks like a real password. I would strongly recommend redacting
> your configuration before you post to the list and changing that
> password immediately. Also no sane directory allows bind attempts
> over an unencrypted channel, so you must specify an LDAP URI that
> indicates SSL like the following:
>
> ldaps://ldap.morgan.edu:636
>
>> <!-- LDAP bind Authentication Handler -->
>> <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>> <property name="filter" value="uid=%u"/>
>> <property name="searchBase"
>> value="CN=joemsucas,OU=ServiceAccounts,DC=morgan,DC=edu"/>
>> <property name="contextSource" ref="LDAPcontextSource"/>
>> <property name="ignorePartialResultException" value="yes"/>
>> <!-- fix because of how AD returns results -->
>> </bean>
>
> Couple things are wrong here:
> 1. searchBase is almost certainly wrong as Eric pointed out
> 2. There is no uid attribute in Active Directory. You likely want
> sAMAccountName=%u.
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
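
Added example, not part of the original thread and not CAS or Spring code: a small pre-deployment check that flags the four problems raised in this thread (ldap:// bind URL, inline bind password, uid filter against Active Directory, searchBase that starts at a CN). The helper names (named, props, lint) are hypothetical, the sample configuration is constructed with placeholder host, DNs and password, and the searchBase test is only a heuristic.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread's first configuration.
# Host, DNs and password are placeholders, not values from the thread.
SAMPLE = """<beans>
 <bean id="LDAPcontextSource"
       class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="urls"><list>
   <value>ldap://ldap.example.edu:389</value>
  </list></property>
  <property name="userDn" value="cn=svc,OU=ServiceAccounts,DC=example,DC=edu"/>
  <property name="password" value="PLACEHOLDER"/>
 </bean>
 <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <property name="filter" value="uid=%u"/>
  <property name="searchBase" value="CN=svc,OU=ServiceAccounts,DC=example,DC=edu"/>
  <property name="contextSource" ref="LDAPcontextSource"/>
 </bean>
</beans>"""

def named(elem, name):
    """Descendants with this local tag name, ignoring any XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def props(bean):
    """Map each property name to a list of its string values."""
    out = {}
    for p in named(bean, "property"):
        attr = p.get("value")
        nested = [v.text.strip() for v in named(p, "value") if v.text]
        out[p.get("name")] = [attr] if attr is not None else nested
    return out

def lint(xml_text):
    findings = []
    for bean in named(ET.fromstring(xml_text), "bean"):
        cls, p = bean.get("class", ""), props(bean)
        if cls.endswith("LdapContextSource"):
            for url in p.get("urls", []):
                if not url.lower().startswith("ldaps://"):
                    findings.append(f"bind over unencrypted channel: {url}")
            if p.get("password"):
                findings.append("inline bind password: redact before sharing")
        if cls.endswith("BindLdapAuthenticationHandler"):
            if re.match(r"\(?\s*uid\s*=", "".join(p.get("filter", [])), re.I):
                findings.append("filter on uid: thread advises sAMAccountName=%u")
            if re.match(r"\s*CN=", "".join(p.get("searchBase", [])), re.I):
                findings.append("searchBase starts at CN=: may be one entry")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

A searchBase such as CN=Users,DC=... is a legitimate container in Active Directory, so treat that finding as a prompt to check rather than an error.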
