It probably failed with that exception because you are trying to access the
server securely over an insecure port.
-Scott
On 2/7/07, Old Man <[EMAIL PROTECTED]> wrote:
hi everybody:
strange things. when i change my deployerConfigContext file like this:
......
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <property name="filter" value="cn=%u" />
  <property name="searchBase" value="cn=users,dc=OPDEVNET" />
  <property name="contextSource" ref="contextSource" />
</bean>
</list>
</property>
</bean>
<bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="userName" value="administrator" />
  <property name="password" value="mypassword" />
  <property name="urls">
    <list>
      <value>ldaps://onepoint-winser:389</value>
    </list>
  </property>
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key><value>java.naming.security.authentication</value></key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>
</beans>
i only change ldap:// to ldaps://. the error information is different, see below.
it seems this is an SSL connection, but it is obvious that i use a simple
connection. port is 389. i don't know why. i have been tired of similar
problems for many days. thank you very much.
org.springframework.webflow.engine.ActionExecutionException: Exception
thrown executing [EMAIL PROTECTED] targetAction =
[EMAIL PROTECTED] , attributes =
map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' --
action execution attributes were 'map['method' -> 'submit']'; nested
exception is org.springframework.dao.DataRetrievalFailureException: Unable
to communicate with LDAP server; nested exception is
javax.naming.CommunicationException: simple bind failed:
onepoint-winser:389 [Root exception is javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake]
Caused by:
org.springframework.dao.DataRetrievalFailureException: Unable to
communicate with LDAP server; nested exception is
javax.naming.CommunicationException: simple bind failed:
onepoint-winser:389 [Root exception is javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake]
Caused by:
javax.naming.CommunicationException: simple bind failed:
onepoint-winser:389 [Root exception is javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
-------------------------------------------------------------------------------------------------------------------------------------------------------------
On 2/6/07, Old Man <[EMAIL PROTECTED]> wrote:
>
> hi:
>
> i configured the deployerConfigContext.xml file according to the guide,
> http://www.ja-sig.org/products/cas/server/ldapauthhandler/index.html
> but i get the screen below when i log in on the server.
>
> -------------------------------------
> CAS is Unavailable
>
> A general exception occurred while trying to access CAS. Please notify
> your system administrator.
> ----------------------------------------
>
> i use the windows ldap client to connect to AD, and it works.
> i use cas-server 3.0.6 and tomcat 5.5.17 in jahia, and my jdk is 1.5.0.6.
> below is the configuration in the deployerConfigContext.xml file
>
> --------------------------------
> <beans>
>
>   <bean id="authenticationManager"
>         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>
>     <property name="credentialsToPrincipalResolvers">
>       <list>
>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>       </list>
>     </property>
>
>     <property name="authenticationHandlers">
>       <list>
>         <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
>
>         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>           <property name="filter" value="uid=%u" />
>           <property name="searchBase" value="cn=users,dc=OPDEVNET" />
>           <property name="contextSource" ref="contextSource" />
>         </bean>
>       </list>
>     </property>
>   </bean>
>
>   <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>     <property name="userName" value="administrator" /> <!-- this is the user logging in to the AD server -->
>     <property name="password" value="mypassword" /> <!-- password -->
>     <property name="urls">
>       <list>
>         <value>ldap://onepoint-winser:389/</value> <!-- AD server -->
>       </list>
>     </property>
>     <property name="baseEnvironmentProperties">
>       <map>
>         <entry>
>           <key><value>java.naming.security.authentication</value></key>
>           <value>simple</value>
>         </entry>
>       </map>
>     </property>
>   </bean>
> </beans>
>
> ----------------------------
>
> these are the errors :
>
> #######################################
> 2007-02-06 19:27:08,328 DEBUG [
> org.springframework.web.context.support.XmlWebApplicationContext] -
> Publishing event in context [WebApplicationContext for namespace
> 'cas-servlet']: ServletRequestHandledEvent: url=[/cas/login]; client=[
> 127.0.0.1]; method=[POST]; servlet=[cas];
> session=[D7EDB30B1CD13924918BA779F9B2EC94]; user=[null]; time=[203ms];
> status=[failed:
> org.springframework.webflow.engine.ActionExecutionException: Exception
> thrown executing [ [EMAIL PROTECTED] targetAction =
> [EMAIL PROTECTED], attributes =
> map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' --
> action execution attributes were 'map['method' -> 'submit']'; nested
> exception is org.springframework.ldap.UncategorizedLdapException:
> Operation failed; nested exception is
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
> ]]
> 2007-02-06 19:27:08,328 DEBUG [
> org.springframework.web.context.support.XmlWebApplicationContext] -
> Publishing event in context [Root WebApplicationContext]:
> ServletRequestHandledEvent: url=[/cas/login]; client=[ 127.0.0.1];
> method=[POST]; servlet=[cas]; session=[D7EDB30B1CD13924918BA779F9B2EC94];
> user=[null]; time=[203ms]; status=[failed:
> org.springframework.webflow.engine.ActionExecutionException: Exception
> thrown executing [ [EMAIL PROTECTED] targetAction =
> [EMAIL PROTECTED], attributes =
> map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' --
> action execution attributes were 'map['method' -> 'submit']'; nested
> exception is org.springframework.ldap.UncategorizedLdapException:
> Operation failed; nested exception is
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
> ]]
> 2007-02-06 19:27:08,328 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]] - Servlet.service() for servlet cas threw exception
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
>     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
>     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
>     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
>     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
>     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
>     at javax.naming.InitialContext.init(InitialContext.java:223)
>     at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
>     at org.springframework.ldap.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:59)
>     at org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:193)
>     at org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
>     at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
>     at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
>     at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
>     at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler.java:58)
>     at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:79)
>     at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:282)
>     at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:116)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:585)
>     at org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:105)
>     at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
>     at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
>     at org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
>     at org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
>     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
>     at org.springframework.webflow.engine.State.enter(State.java:200)
>     at org.springframework.webflow.engine.Transition.execute(Transition.java:218)
>     at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
>     at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
>     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
>     at org.springframework.webflow.engine.State.enter(State.java:200)
>     at org.springframework.webflow.engine.Transition.execute(Transition.java:218)
>     at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
>     at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:211)
>     at org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:227)
>     at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
>     at org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:170)
>     at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>     at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:45)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:820)
>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:755)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:396)
>     at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:360)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>     at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
>     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
>     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>     at java.lang.Thread.run(Thread.java:595)
> 2007-02-06 19:27:08,562 DEBUG [
> org.springframework.web.servlet.DispatcherServlet ] - Testing handler
> map [
> [EMAIL PROTECTED]
> in DispatcherServlet with name 'cas'
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.handler.SimpleUrlHandlerMapping ] -
> Looking up handler for [/login]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet] - Testing handler
> adapter [
> [EMAIL PROTECTED]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet] - Testing handler
> adapter [
> [EMAIL PROTECTED]
> ]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet ] - Last-Modified
> value for [/cas/login] is [-1]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet] - DispatcherServlet
> with name 'cas' received request for [/cas/login]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.core.CollectionFactory] - Creating [
> java.util.LinkedHashMap]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet] - Bound request
> context to thread: [EMAIL PROTECTED]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet] - Testing handler
> adapter [
> [EMAIL PROTECTED]
> 2007-02-06 19:27:08,578 DEBUG [
> org.springframework.web.servlet.DispatcherServlet ] - Testing handler
> adapter [
> [EMAIL PROTECTED]
> ]
> ##############################
>
> i have searched the former mailing list of cas; there are some people with the
> same problem as me, but few users pasted the correct answer, and some situations
> do not apply to me.
>
> and this is my ldap client information.
>
> ####################
> Expanding base 'CN=Users,DC=OPDEVNET'...
> Result <0>: (null)
> Matched DNs:
> Getting 1 entries:
> >> Dn: CN=Users,DC=OPDEVNET
> 2> objectClass: top; container;
> 1> cn: Users;
> 1> description: Default container for upgraded user accounts;
> 1> distinguishedName: CN=Users,DC=OPDEVNET;
> 1> instanceType: 0x4 = ( IT_WRITE );
> 1> whenCreated: 11/7/2006 18:14:50 China Standard Time China
> Standard Time;
> 1> whenChanged: 11/7/2006 18:14:50 China Standard Time China
> Standard Time;
> 1> uSNCreated: 4304;
> 1> uSNChanged: 4304;
> 1> showInAdvancedViewOnly: FALSE;
> 1> name: Users;
> 1> objectGUID: 9105dc75-62e4-472e-a41f-acee515a0933;
> 1> systemFlags: 0x8C000000 = ( FLAG_DISALLOW_DELETE |
> FLAG_DOMAIN_DISALLOW_RENAME | FLAG_DOMAIN_DISALLOW_MOVE );
> 1> objectCategory:
> CN=Container,CN=Schema,CN=Configuration,DC=OPDEVNET;
> 1> isCriticalSystemObject: TRUE;
>
> ###################
>
> 1. do i need an LDAP server's certificate in the JVM?
> 2. what's the problem with my configuration file?
> 3. i have viewed the thread:
> http://forum.java.sun.com/thread.jspa?messageID=4227692 but i don't know
> what's wrong with the configuration in cas.
>
>
> thank you in advance.
>
> oldman
> 2/6/2007
>
>
>
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
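
An added example, not part of the original thread and not CAS code: Python that checks the two failures reported above, an `ldaps://` URL pointed at port 389 and the Active Directory `data` sub-code inside an `error code 49` bind failure. The function names are hypothetical, the sub-code table lists the commonly documented Active Directory values, and the sample inputs are constructed from the messages in this thread.

```python
import re
from urllib.parse import urlsplit

# Registered default ports: 389 is plain LDAP, 636 is LDAP over TLS (LDAPS).
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

# Active Directory sub-codes found in the "data NNN" field of an
# LDAP result code 49 (invalidCredentials) bind failure.
AD_BIND_DATA = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Constructed sample inputs, copied from the two messages in this thread.
SAMPLE_URLS = ["ldap://onepoint-winser:389/", "ldaps://onepoint-winser:389"]
SAMPLE_ERROR = ("javax.naming.AuthenticationException: [LDAP: error code 49 - "
                "80090308: LdapErr: DSID-0C090334, comment: "
                "AcceptSecurityContext error, data 525, vece ]")

def check_url(url):
    """Return a warning when scheme and port disagree, else None."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT:
        return f"{url}: unsupported scheme {scheme!r}"
    port = parts.port or DEFAULT_PORT[scheme]
    other = "ldaps" if scheme == "ldap" else "ldap"
    if port == DEFAULT_PORT[other]:
        return f"{url}: {scheme}:// used on port {port}, the default {other}:// port"
    return None

def decode_bind_error(message):
    """Return (result_code, data, meaning) from an AD bind error, else None."""
    m = re.search(r"error code (\d+)\b.*?\bdata ([0-9a-fA-F]+)", message, re.S)
    if m is None:
        return None
    data = m.group(2).lower()
    return int(m.group(1)), data, AD_BIND_DATA.get(data, "unknown sub-code")

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(check_url(url) or f"{url}: scheme and port are consistent")
    print(decode_bind_error(SAMPLE_ERROR))
```

A clean result from `check_url` only means the scheme matches the port convention; an `ldaps://` connection still requires the JVM running CAS to trust the directory server's certificate.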