I am working on getting CAS (3.5.1) to authenticate to an Active Directory 
server.  When I attempt to authenticate (using the Login web page), I see the 
following in my cas.log file:

2013-01-17 06:57:45,961 ERROR [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler threw error authenticating [username: xxxxxxxx]
org.springframework.dao.DataAccessResourceFailureException: Failed to borrow DirContext from pool.; nested exception is org.springframework.ldap.CommunicationException: activedirectoryserver.foo.com:389; nested exception is javax.naming.CommunicationException: activedirectoryserver.foo.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
        at org.springframework.ldap.pool.factory.PoolingContextSource.getContext(PoolingContextSource.java:425)
        at org.springframework.ldap.pool.factory.PoolingContextSource.getReadOnlyContext(PoolingContextSource.java:401)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:361)
        at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:89)
        at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:71)
        at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate_aroundBody2(AbstractPreAndPostProcessingAuthenticationHandler.java:85)

...

I created a small Java/LDAP program that hits the Active Directory server and 
it executes fine so I know the Active Directory server is visible.

Because it is having problems getting a DirContext from the pool, my assumption 
is that it is either a bad property in the cas.properties file:

ldap.pool.minIdle=3
ldap.pool.maxIdle=5
ldap.pool.maxSize=10
ldap.pool.maxWait=10000
ldap.pool.evictionPeriod=600000
ldap.pool.idleTime=1200000

ldap.pool.testWhileIdle=true

ldap.pool.testOnBorrow=false

server.name=https://casserver.foo.com:8443
server.prefix=${server.name}/cas
cas.securityContext.serviceProperties.service=${server.prefix}/services/j_acegi_cas_security_check

host.name=cas01

cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix}
cas.securityContext.casProxyTicketValidator.casValidate=${server.prefix}/proxyValidate

cas.securityContext.status.allowedSubnet=127.0.0.1

cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views

database.hibernate.dialect=org.hibernate.dialect.OracleDialect


or a bad entry in the contextSource section of the deployerConfigContext.xml 
file:


<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="false" />
    <property name="url" value="ldap://activedirectoryserver.foo.com" />
    <property name="userDn" value="cn=adminuser,ou=OUUnit,dc=domain,dc=com"/>
    <property name="password" value="somepassword"/>

    <property name="baseEnvironmentProperties">
        <map>
            <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
            <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
            <entry key="java.naming.security.authentication" value="simple" />
        </map>
    </property>
</bean>

Thoughts on what entry I have wrong that I cannot get a pooled DirContext?
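Added example, not part of the original post and not CAS or Spring LDAP code: a small Python parser that unwinds the "nested exception is" / "[Root exception is ...]" chain of the log message above and reports the innermost cause, which is the entry that names the failing layer. The LAYERS buckets and the function names are assumptions made for triage; SAMPLE is the post's message with the mail line wraps rejoined.

```python
import re

# Constructed sample: the exception message from the post, line wraps rejoined.
SAMPLE = (
    "org.springframework.dao.DataAccessResourceFailureException: Failed to borrow "
    "DirContext from pool.; nested exception is "
    "org.springframework.ldap.CommunicationException: "
    "activedirectoryserver.foo.com:389; nested exception is "
    "javax.naming.CommunicationException: activedirectoryserver.foo.com:389 "
    "[Root exception is java.net.SocketTimeoutException: connect timed out]"
)
NESTED = "; nested exception is "  # Spring's separator between wrapped causes
ROOT = re.compile(r"\s*\[Root exception is (?P<root>.*)\]\s*$", re.S)  # JNDI suffix
LINK = re.compile(r"^(?P<cls>[\w.$]+)(?::\s*(?P<msg>.*))?$", re.S)
LAYERS = {  # assumed triage buckets, keyed by innermost exception class
    "java.net.SocketTimeoutException": "network",
    "java.net.ConnectException": "network",
    "java.net.UnknownHostException": "network",
    "javax.naming.AuthenticationException": "bind-credentials",
    "java.util.NoSuchElementException": "pool-exhausted",
}


def cause_chain(message):
    """Return [(exception class, message), ...] from outermost to innermost."""
    parts = []
    for segment in message.split(NESTED):
        m = ROOT.search(segment)
        if m:  # split the bracketed JNDI root cause into its own link
            parts += [segment[:m.start()], m.group("root")]
        else:
            parts.append(segment)
    chain = []
    for part in parts:
        m = LINK.match(" ".join(part.split()))  # also undoes hard line wraps
        if m:
            chain.append((m.group("cls"), m.group("msg") or ""))
    return chain


def failing_layer(chain):
    """Name the layer implied by the innermost cause ('other' if unknown)."""
    return LAYERS.get(chain[-1][0], "other")


if __name__ == "__main__":
    chain = cause_chain(SAMPLE)
    for depth, (cls, msg) in enumerate(chain):
        print("  " * depth + cls + ": " + msg)
    print("layer:", failing_layer(chain))
```

For the message in this post the innermost link is java.net.SocketTimeoutException ("connect timed out"), raised while opening the socket to activedirectoryserver.foo.com:389, so the chain bottoms out at the TCP connect rather than at the pool that reports it.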