AD will allow unencrypted authentication, but as Andy points out "561796" is not a vaild DN.
Brady McClenon Senior Server Administrator SUNY Oneonta 607-436-3203 Lincoln: Is that even possible? Walter: It's possible, of course. Leprechauns are possible. > -----Original Message----- > From: Andrew Morgan [mailto:[email protected]] > Sent: Wednesday, May 30, 2012 12:45 PM > To: [email protected] > Subject: Re: [cas-user] Issue Connecting to Active Directory using CAS > > On Wed, 30 May 2012, Dan wrote: > > > I am new to CAS and have been trying to authenticate to Active Directory > > LDAP via CAS. I am able to view the Active Directory LDAP via Active > > Directory Explorer but keep getting an error "Servlet.service() for > > servlet [cas] in context with path [/cas] threw exception [Request > > processing failed; nested exception is > > org.springframework.webflow.execution.ActionExecutionException: > > Exception thrown executing [AnnotatedAction@569d0170 targetAction = > > [EvaluateAction@5dc98c7c expression = > > authenticationViaFormAction.submit(flowRequestContext, > > flowScope.credentials, messageContext), resultExpression = [null]], > > attributes = map[[empty]]] in state 'realSubmit' of flow 'login' -- > > action execution attributes were 'map[[empty]]'] with root cause > > javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: > > LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, > > v1db0 ] > > LDAP error code 49 is a failed authentication. From your > deployerConfigContext.xml file: > > <property name="urls"> > <list> > <value>ldap://10.12.60.106:389</value> > <!-- <value>ldap://localhost:389/</value>--> > </list> > </property> > <property name="userDn" value="561769"/> > <property name="password" value="*****************"/> > > You probably want to specify "ldaps://10.12.60.106". I think AD will only > allow authentication on an encrypted channel. > > Also, your userDN value should be an LDAP DN, not a username. Something > like "cn=cas_auth,cn=users,dc=bah,dc=com". > > Andy > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see http://www.ja- > sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
