Thanks, this was the problem. I had two keystores and of course the one used by tomcat didn't have the certificate while the JVM's had it.
 
Now, I'm unfortunately not done... The ldaps connection seems to go smoothly now but the authentication fails. I'm unclear as to how to configure some properties of the deployerConfigContext.xml.
 
1- Our users are in various sub-trees of the forest. Does the BindLdapAuthenticationHandler bean perform a search over the sub-trees or just the root? If the root, how can we set it to search in the whole directory?
 
Next I have a problem with the username we use to do the bind. This user is under an OU called 'speciaux'. When the OU is set in the searchBase property of the BindLdapAuthenticationHandler, then it seems to do the bind properly but then doesn't authenticate the user (it just says 'error in credentials').
If I remove the 'speciaux' OU from the searchBase property of the BindLdapAuthenticationHandler, I have this error:
 
2006-10-19 11:21:17,276 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]] - <"Servlet.service()" for servlet cas threw an exception>
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=ensieta,dc=ecole'
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
2- Is there a way in the contextSource bean to provide the full path of the bind user?
 
 
 
Here is what I have:
 
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <property name="filter" value="uid=%u" />
  <property name="searchBase" value="ou=speciaux,dc=ensieta,dc=ecole" />
  <property name="contextSource" ref="contextSource" />
</bean>
.../...
<bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="authenticatedReadOnly" value="true" />
  <property name="userName" value="binduser" />
  <property name="password" value="pwd" />
  <property name="pooled" value="true" />
  <property name="urls">
    <list>
      <value>ldaps://boulez.ensieta.ecole/</value>
      <value>ldaps://bruckner.ensieta.ecole/</value>
    </list>
  </property>
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key><value>java.naming.security.protocol</value></key>
        <value>ssl</value>
      </entry>
      <entry>
        <key><value>java.naming.security.authentication</value></key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>
----
 
Thanks for your help,
Laurent
 
 
----- Original Message -----
Sent: Thursday, October 19, 2006 2:39 AM
Subject: Re: ldaps connection pb

I would just double check that the certificate is in the correct cacerts file (%JAVA_HOME%\jre\lib\security\cacerts) for the JVM you are starting up your CAS server in (we have had instances where people have had multiple JVMs installed).

-Scott

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

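Editor's note, added here and not part of the thread: the two questions above (searching the whole directory rather than one OU, and giving the bind account as a full DN) come down to three settings in the posted Spring configuration, and the `Unprocessed Continuation Reference(s)` exception is the third. A search rooted at the domain (`dc=ensieta,dc=ecole`) makes Active Directory return referrals for naming contexts it does not hold locally, and JNDI throws `PartialResultException` when nothing tells it what to do with them. The fragment below reworks the posted beans along those lines. Assumptions (mine, not from the post or the CAS project): the handler exposes a `scope` property taking a `javax.naming.directory.SearchControls` constant (verify the setter exists in your CAS version); the bind account's DN `cn=binduser,ou=speciaux,dc=ensieta,dc=ecole` is a placeholder built from the names in the post; the hostnames are the ones posted.

```xml
<!-- Added example (editor's), not configuration from the thread or from CAS. -->

<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <property name="filter" value="uid=%u" />
  <!-- searchBase is where END USERS are looked up, so root it at the domain,
       not at the OU that happens to hold the bind account. With the search
       base set to ou=speciaux, users elsewhere in the tree are never found,
       which surfaces as a plain credential failure. -->
  <property name="searchBase" value="dc=ensieta,dc=ecole" />
  <!-- Search the whole subtree below searchBase:
       javax.naming.directory.SearchControls.SUBTREE_SCOPE == 2.
       ASSUMPTION: a 'scope' property exists on this handler in your version. -->
  <property name="scope" value="2" />
  <property name="contextSource" ref="contextSource" />
</bean>

<bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="authenticatedReadOnly" value="true" />
  <!-- Question 2: the bind identity is passed to the server as-is, so give the
       full DN of the service account here. PLACEHOLDER DN. -->
  <property name="userName" value="cn=binduser,ou=speciaux,dc=ensieta,dc=ecole" />
  <!-- Keep the real secret out of the checked-in XML (property placeholder,
       file permissions); 'pwd' is just the posted placeholder. -->
  <property name="password" value="pwd" />
  <property name="pooled" value="true" />
  <property name="urls">
    <list>
      <value>ldaps://boulez.ensieta.ecole/</value>
      <value>ldaps://bruckner.ensieta.ecole/</value>
    </list>
  </property>
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key><value>java.naming.security.protocol</value></key>
        <value>ssl</value>
      </entry>
      <entry>
        <key><value>java.naming.security.authentication</value></key>
        <value>simple</value>
      </entry>
      <!-- What to do with the continuation references AD returns for a
           domain-rooted search. 'ignore' stops the exception but silently
           drops results from other partitions; 'follow' chases them. -->
      <entry>
        <key><value>java.naming.referral</value></key>
        <value>ignore</value>
      </entry>
    </map>
  </property>
</bean>
```

On the referral choice: `follow` makes JNDI open a new connection to whatever URL the server hands back, and AD referrals are normally plain `ldap://` on 389, so the service-account credential and the user's bind can leave the TLS session you set up. If users really are spread across several domains of the forest, the cleaner fix is to point `urls` at a Global Catalog listener (`ldaps://host:3269/`), which answers forest-wide subtree searches without referrals; the GC holds only a partial attribute set, but a search-then-bind handler like this one only needs the user's DN. If all users are in one domain and the referrals are just for the forest's other partitions, `ignore` is sufficient.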