Still getting the same error. Does pooling use a different method?
2015-03-03 19:57:40,646 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 1 services.>
2015-03-03 19:57:43,826 ERROR [org.ldaptive.pool.BlockingConnectionPool] -
<unable to connect to the ldap>
[org.ldaptive.provider.ConnectionException@1704762760::resultCode=PROTOCOL_ERROR,
matchedDn=null, responseControls=null, referralURLs=null, messageId=-1,
providerException=javax.naming.CommunicationException: 10.10.10.10:636
[Root exception is javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Hostname '[10.10.10.10]' does not
match the hostname in the server's certificate]]

Here is what I have put into the deployer. I was guessing as to how the
new code would fit in, so I'm sure there has to be something wrong. I had to
remove abstract="true" from the ...ConnectionConfig bean because the
ConnectionFactory would not accept an abstract bean.

<!--
   | CAS authentication handler: delegates to the ldaptive "authenticator"
   | bean and copies the LDAP attributes listed in principalAttributeMap
   | onto the CAS principal.
   -->
<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="sAMAccountName"
      c:authenticator-ref="authenticator"
      p:passwordPolicyConfiguration-ref="passwordPolicy">
    <property name="principalAttributeMap">
        <map>
            <!--
               | This map provides a simple attribute resolution mechanism.
               | Keys are LDAP attribute names, values are CAS attribute names.
               | Use this facility instead of a PrincipalResolver if LDAP is
               | the only attribute source.
               -->
            <entry key="displayName" value="displayName" />
            <entry key="mail" value="mail" />
            <entry key="memberOf" value="memberOf" />
        </map>
    </property>
</bean>

<!--
   | Resolves the user's DN with "dnResolver", then binds as that DN through
   | "authHandler". Both use pooled connection factories (see below).
   -->
<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
      c:resolver-ref="dnResolver"
      c:handler-ref="authHandler">
       <property name="authenticationResponseHandlers">
                <util:list>
                        <bean
class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler"
/>
                </util:list>
        </property>
</bean>

<!--
   | The following DN format works for many directories, but may need to be
   | customized.
   -->
<bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
      p:baseDn="${ldap.baseDn}"
      p:allowMultipleDns="false"
      p:subtreeSearch="true"
      p:connectionFactory-ref="searchPooledLdapConnectionFactory"
      p:userFilter="${ldap.authn.searchFilter}" />

<bean id="searchPooledLdapConnectionFactory"
      class="org.ldaptive.pool.PooledConnectionFactory"
      p:connectionPool-ref="searchConnectionPool" />

<!-- Overrides the connectionFactory-ref inherited from "abstractConnectionPool". -->
<bean id="searchConnectionPool" parent="abstractConnectionPool"
      p:connectionFactory-ref="searchConnectionFactory" />

<!--
   | NOTE(review): no p:provider-ref here, so this factory does not use the
   | "provider"/"socketFactory" beans defined further down; connections for
   | the search pool are opened with ldaptive's default provider settings.
   -->
<bean id="searchConnectionFactory"
      class="org.ldaptive.DefaultConnectionFactory"
      p:connectionConfig-ref="searchConnectionConfig" />

<bean id="searchConnectionConfig" parent="abstractConnectionConfig"
      p:connectionInitializer-ref="bindConnectionInitializer" />

<!-- Service account used for the DN search; the password is read from a property, not inlined. -->
<bean id="bindConnectionInitializer"
      class="org.ldaptive.BindConnectionInitializer"
      p:bindDn="${ldap.authn.managerDN}">
    <property name="bindCredential">
        <bean class="org.ldaptive.Credential"
              c:password="${ldap.authn.managerPassword}" />
    </property>
</bean>

<!--
   | Template for both pools. The connectionFactory-ref given here is
   | replaced by "searchConnectionPool" and "bindConnectionPool", each of
   | which supplies its own factory.
   -->
<bean id="abstractConnectionPool" abstract="true"
      class="org.ldaptive.pool.BlockingConnectionPool"
      init-method="initialize"
      p:poolConfig-ref="ldapPoolConfig"
      p:blockWaitTime="${ldap.pool.blockWaitTime}"
      p:validator-ref="searchValidator"
      p:pruneStrategy-ref="pruneStrategy"
      p:connectionFactory-ref="connectionFactory" />

<!-- Test with different socket factory -->
<bean id="socketFactory" class="org.ldaptive.ssl.TLSSocketFactory"
      p:hostnameVerifier-ref="hostnameVerifier" />

<bean id="providerConfig"
class="org.ldaptive.provider.jndi.JndiProviderConfig"
      p:sslSocketFactory-ref="socketFactory" />

<bean id="provider" class="org.ldaptive.provider.jndi.JndiProvider"
      p:providerConfig-ref="providerConfig" />
<!--
   | NOTE(review): this is the only DefaultConnectionFactory wired to the
   | "provider" bean, and therefore the only one that uses "socketFactory".
   | "searchConnectionFactory" and "bindConnectionFactory" carry no
   | p:provider-ref, and the two pools override the connectionFactory-ref
   | inherited from "abstractConnectionPool", so the pooled connections never
   | pass through this factory. That would explain why the hostname
   | verification error in the log persists after this change - TODO confirm.
   | Also note the capitalised property name p:ConnectionConfig-ref here; the
   | other factories use p:connectionConfig-ref.
   -->
<bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
      p:ConnectionConfig-ref="abstractConnectionConfig"
      p:provider-ref="provider" />

<!-- ######################################### -->

<!--
   | Shared connection settings (no longer abstract, so that
   | "connectionFactory" above can reference it directly).
   -->
<bean id="abstractConnectionConfig"
      class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="${ldap.url}"
      p:connectTimeout="${ldap.connectTimeout}"
      p:useStartTLS="${ldap.useStartTLS}"
      p:sslConfig-ref="sslConfig" />

<bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
      p:minPoolSize="${ldap.pool.minSize}"
      p:maxPoolSize="${ldap.pool.maxSize}"
      p:validateOnCheckOut="${ldap.pool.validateOnCheckout}"
      p:validatePeriodically="${ldap.pool.validatePeriodically}"
      p:validatePeriod="${ldap.pool.validatePeriod}" />

<!--
   | Trust material for the TLS handshake. NOTE(review): ${ldap.trustedCert}
   | is set as keyStore; if it holds the CA/trust anchors rather than a client
   | certificate, check org.ldaptive.ssl.KeyStoreCredentialConfig for whether
   | trustStore is the intended property. "changeit" is the well-known default
   | JKS password.
   -->
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.KeyStoreCredentialConfig"
              p:keyStore="${ldap.trustedCert}"
              p:keyStoreType="JKS"
              p:keyStorePassword="changeit" />
    </property>
</bean>

<!--
   | NOTE(review): AllowAnyHostnameVerifier, as its name says, accepts any
   | hostname, i.e. it switches off the check that the server certificate
   | matches the host being connected to - the check that raised the
   | CertificateException in the log above. With it in place any server
   | holding a certificate trusted by the key store is accepted. The log shows
   | the connection being made to an IP address that the certificate does not
   | list; using the DNS name the certificate was issued for in ldap.url
   | clears the error without disabling the check.
   -->
<bean id="hostnameVerifier"
    class="org.ldaptive.ssl.AllowAnyHostnameVerifier"
  />

<bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
      p:prunePeriod="${ldap.pool.prunePeriod}"
      p:idleTime="${ldap.pool.idleTime}" />

<bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />

<bean id="authHandler"
class="org.ldaptive.auth.PooledBindAuthenticationHandler"
      p:connectionFactory-ref="bindPooledLdapConnectionFactory" />

<bean id="bindPooledLdapConnectionFactory"
      class="org.ldaptive.pool.PooledConnectionFactory"
      p:connectionPool-ref="bindConnectionPool" />

<!-- Overrides the connectionFactory-ref inherited from "abstractConnectionPool". -->
<bean id="bindConnectionPool" parent="abstractConnectionPool"
      p:connectionFactory-ref="bindConnectionFactory" />

<!--
   | NOTE(review): like "searchConnectionFactory", this factory has no
   | p:provider-ref and so does not use "socketFactory".
   -->
<bean id="bindConnectionFactory"
      class="org.ldaptive.DefaultConnectionFactory"
      p:connectionConfig-ref="bindConnectionConfig" />

<bean id="bindConnectionConfig" parent="abstractConnectionConfig" />


On Mon, Mar 2, 2015 at 6:39 PM, Daniel Fisher <[email protected]> wrote:

> On Mon, Mar 2, 2015 at 11:02 AM, Jim Price <[email protected]>
> wrote:
>
>> I'm not really a programmer and need a little guidance. I'm guessing that
>> ldaptive is brought in by maven as a dependency; could you point me in a
>> direction in how this could be overridden or the method replaced.
>>
>
> I'm not sure if you're tripping over trust errors or hostname verification
> errors.
> Ldaptive injects a custom socket factory if you're using LDAPS to perform
> hostname verification.
> If you want to change that behavior you can tell JNDI to use a specific
> SocketFactory.
> This should get you back to the behavior you had before:
>
> <bean id="socketFactory" class="org.ldaptive.ssl.TLSSocketFactory" />
>
> <bean id="providerConfig"
> class="org.ldaptive.provider.jndi.JndiProviderConfig"
>       p:sslSocketFactory-ref="socketFactory" />
>
> <bean id="provider" class="org.ldaptive.provider.jndi.JndiProvider"
>       p:providerConfig-ref="providerConfig" />
>
> <bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
>       p:connectionConfig-ref="connectionConfig"
>       p:provider-ref="provider" />
>
> --Daniel Fisher
>
> --
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
