Thanks Scott,
This certainly helped. I chose the “LDAP Requiring Authenticated Search”
option and copied the example verbatim. Just to keep things simple, I didn’t
load the new LDAP properties from a cas.properties or ldap.properties file,
instead I just added them directly to the new beans that I pasted in.
When I deploy to Tomcat, I get the following exception:
Caused by:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name ‘bindConnectionPool’ defined in ServletContext resource
[/WEB-INF/deployerConfigContext.xml]: Invocation of init method failed; nested
exception is java.lang.IllegalArgumentException: path must start with either
classpath: or file:
Not sure what “path” it’s complaining about. The only path I can find in the
newly-added beans is for the ldapUrl property in this bean:
<bean id="abstractConnectionConfig" abstract="true"
      class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="ldaps://myldap.example.com:636"
      p:connectTimeout="3000"
      p:useStartTLS="true"
      p:sslConfig-ref="sslConfig" />
…but not sure. I would think that the “ldaps” protocol would be acceptable
here; if it’s not, do you know what I should use? (For obvious security reasons,
I can’t post the actual server name). Also, for the following bean:
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.X509CredentialConfig"
              p:trustCertificates="mycert" />
    </property>
</bean>
The SSL cert “mycert” is what I see as a key alias when I do a “keytool -list
-keystore mykeys.jks” (which is the keystore that Tomcat is configured to use).
I can’t find anything in the ldaptive docs, but wanted to make sure that I
have botched the trust cert name somehow. Does this look correct to you?
Thanks again!
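
Added example, not part of the original message and not taken from the CAS or ldaptive documentation: ldaptive resolves the trustCertificates value as a resource path that must start with classpath: or file:, which matches the exception text quoted above, so a keystore alias such as "mycert" is rejected. The fragment shows the posted setting beside two corrected forms; the /path/to/... locations, ldap-ca.pem and the CHANGE_ME password are constructed placeholders, and the fragment assumes the same Spring p-namespace beans as the message.

```xml
<!-- As posted: "mycert" is a JKS alias, not a resource path, so ldaptive fails
     with "path must start with either classpath: or file:". -->
<!--
<bean class="org.ldaptive.ssl.X509CredentialConfig"
      p:trustCertificates="mycert" />
-->

<!-- Option 1: trust a certificate file (PEM or DER), referenced by a
     file: or classpath: path. The path below is a placeholder. -->
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.X509CredentialConfig"
              p:trustCertificates="file:/path/to/ldap-ca.pem" />
    </property>
</bean>

<!-- Option 2 (replaces option 1, hence commented out): trust a JKS keystore
     directly through KeyStoreCredentialConfig. Path and password are
     placeholders. -->
<!--
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.KeyStoreCredentialConfig"
              p:trustStore="file:/path/to/mykeys.jks"
              p:trustStoreType="JKS"
              p:trustStorePassword="CHANGE_ME" />
    </property>
</bean>
-->

<!-- ldaps:// negotiates TLS as soon as the socket opens; StartTLS upgrades a
     plain ldap:// connection. Use one or the other, not both. -->
<bean id="abstractConnectionConfig" abstract="true"
      class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="ldaps://myldap.example.com:636"
      p:connectTimeout="3000"
      p:useStartTLS="false"
      p:sslConfig-ref="sslConfig" />
```

Whichever option is used, the trusted material has to be the certificate (or issuing CA) of the LDAP server, which is not necessarily the entry Tomcat uses for its own HTTPS listener.
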
From: Scott Battaglia [mailto:[email protected]]
Sent: Friday, June 13, 2014 2:20 PM
To: [email protected]
Subject: Re: [cas-user] CAS: Example of LDAP authentication for CAS 4.0?
I think this should point you in the right direction:
http://jasig.github.io/cas/4.0.0/installation/LDAP-Authentication.html
On Fri, Jun 13, 2014 at 2:03 PM, Zac Harvey <[email protected]> wrote:
I have a CAS server on 3.5.2.1 and am upgrading it to 4.0. In my
deployerConfigContext.xml I have the following beans defined:
<!-- This ldapAuthHandler bean used to be of type
     org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler prior to trying to
     upgrade… -->
<bean id="ldapAuthHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler">
    <!-- several other properties here, omitted for brevity -->
    <property name="contextSource" ref="contextSource" />
</bean>
<bean id="contextSource"
      class="org.springframework.ldap.core.support.LdapContextSource">
    <!-- lots of stuff -->
</bean>
When I deploy this I get a runtime classpath saying that
“org.springframework.ldap.core.support.LdapContextSource” doesn’t exist. I
looked at my pom.xml and see:
<dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>
So I go into my local ~/.m2 cache and find cas-server-support-ldap’s pom.xml
and I *don’t* see it pulling in:
<dependency>
    <groupId>org.springframework.ldap</groupId>
    <artifactId>spring-ldap-core</artifactId>
    <version>2.0.2.RELEASE</version>
</dependency>
…like I expected it to (this was the behavior with 3.5.2.1). This explains why
the upgrade to 4.0 is breaking, but for the life of me I can’t find a good
working example of LDAP-based auth in CAS 4.0. Any ideas? Thanks in advance!
--
You are currently subscribed to
[email protected]<mailto:[email protected]> as:
[email protected]<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user