Hi,
I made a trivial Hello World webapp and am trying to protect it with CAS
3.5.0 using LDAP/Active Directory as my authentication handler. When I
try to access my Hello World app, I am correctly routed to a login
screen. When I enter my credentials, however, I am rejected. The CAS GUI
responds with:

    The credentials you provided cannot be determined to be authentic.

I went through the logs in the Tomcat 7 log directory, and the only one
with any information is tomcat7-stdout.log, which says:

    2012-08-30 09:31:28,051 ERROR [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler threw error authenticating [username: steine]>

No stack trace or other information. I have Tomcat's logging.properties
set to log FINEST:
 
    org.jasig.cas = FINEST

How do I get more information about the error? Does this mean CAS is
saying LDAP has no matching user/password pairing? 

Attached is our deployerConfigContext.xml with customized values
replaced with CUSTOM_VALUE. No other overlays are being used.

Thanks,
Eric Stein

<?xml version="1.0" encoding="UTF-8"?>

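<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!--
        CAS deployer configuration: authentication handlers, the LDAP
        connection they use, the service registry, auditing and health
        monitors. Beans referenced by name but not declared here
        (httpClient, ticketRegistry) must come from another context file.
    -->

    <!--
        Authentication manager. Each handler in authenticationHandlers is
        offered the submitted credentials; the resolvers in
        credentialsToPrincipalResolvers turn accepted credentials into a
        principal.
    -->
    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.AuthenticationManagerImpl">

        <property name="credentialsToPrincipalResolvers">
            <list>
                <!-- Resolves principals for username/password logins. -->
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <!-- Resolves principals for HTTP-based service (callback) credentials. -->
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>

        <property name="authenticationHandlers">
            <list>
                <!-- Handles HTTP-based service credentials through the shared httpClient bean. -->
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                      p:httpClient-ref="httpClient" />

                <!--
                    Directory login handler. The filter looks the user up
                    under searchBase (%u stands for the submitted login
                    name), and the handler then binds as the entry it
                    found, using the submitted password.

                    NOTE(review): the lookup itself runs with whatever
                    identity contextSource provides. No userDn/password is
                    configured on contextSource below, so the lookup is
                    presumably anonymous; Active Directory normally refuses
                    anonymous searches, which would fail before the user's
                    password is ever tested. Confirm against the directory.

                    ignorePartialResultException="true" presumably suppresses
                    the referral-related exception Active Directory raises
                    for searches rooted at the domain; verify.
                -->
                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
                      p:filter="sAMAccountName=%u"
                      p:searchBase="dc=CUSTOM_VALUE,dc=CUSTOM_VALUE"
                      p:contextSource-ref="contextSource"
                      p:ignorePartialResultException="true" />
            </list>
        </property>
    </bean>

    <!--
        LDAP connection settings used by the bind handler.

        The url uses ldaps, so the JVM running Tomcat has to trust the
        directory server's certificate; an untrusted certificate fails the
        TLS handshake before any bind is attempted.

        "simple" authentication sends the bind password as-is inside the
        connection, so keep the ldaps scheme and do not fall back to plain
        ldap.

        NOTE(review): no userDn/password properties are set here. If the
        directory does not allow anonymous searches, add a dedicated
        low-privilege service account for the lookup and keep its password
        out of version control and out of posted copies of this file.
    -->
    <bean id="contextSource"
          class="org.springframework.ldap.core.support.LdapContextSource">

        <property name="pooled" value="false" />
        <property name="url" value="ldaps://CUSTOM_VALUE" />
        <property name="baseEnvironmentProperties">
            <map>
                <!-- JNDI connect and read timeouts, in milliseconds. -->
                <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
                <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
                <entry key="java.naming.security.authentication"
                       value="simple" />
            </map>
        </property>
    </bean>

    <!--
        In-memory user list granting ROLE_ADMIN.

        NOTE(review): the user name is still the stock placeholder. Replace
        it with the real administrator login before the services management
        application is reachable, and review who holds ROLE_ADMIN. The
        password value is presumably ignored because CAS performs the
        login; confirm.
    -->
    <sec:user-service id="userDetailsService">
        <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>

    <!--
        Stub attribute source backed by a fixed map (each key maps to a
        value of the same name). It does not read attributes from the
        directory; replace it if released attributes must reflect real
        user data.
    -->
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.StubPersonAttributeDao">
        <property name="backingMap">
            <map>
                <entry key="uid" value="uid" />
                <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
                <entry key="groupMembership" value="groupMembership" />
            </map>
        </property>
    </bean>

    <!--
        In-memory service registry with a single entry.

        NOTE(review): the serviceId pattern matches every http, https, imap
        and imaps URL, so any application at any host can request tickets
        from this server, including over unencrypted http. That is
        convenient for a first test only; before real use, narrow the
        pattern to the hosts this server is meant to protect and require
        https.
    -->
    <bean id="serviceRegistryDao"
          class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        <property name="registeredServices">
            <list>
                <bean class="org.jasig.cas.services.RegexRegisteredService">
                    <property name="id" value="0" />
                    <property name="name" value="HTTP and IMAP" />
                    <property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
                    <property name="serviceId" value="^(https?|imaps?)://.*" />
                    <property name="evaluationOrder" value="10000001" />
                </bean>
            </list>
        </property>
    </bean>

    <!--
        Audit trail written through SLF4J. Where the records end up depends
        on the logging configuration of the CAS web application itself.
    -->
    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

    <!-- Health monitors: free memory, plus session and service-ticket counts from ticketRegistry. -->
    <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
        <property name="monitors">
            <list>
                <bean class="org.jasig.cas.monitor.MemoryMonitor"
                      p:freeMemoryWarnThreshold="10" />

                <bean class="org.jasig.cas.monitor.SessionMonitor"
                      p:ticketRegistry-ref="ticketRegistry"
                      p:serviceTicketCountWarnThreshold="5000"
                      p:sessionCountWarnThreshold="100000" />
            </list>
        </property>
    </bean>

</beans>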
