Hello, I have changed the value of anonymousReadOnly to false; this time I have another one.
I know very little about LDAP; maybe I wrote something wrong.
2007-05-04 10:39:38,850 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas-web].[cas]] - <Servlet.service() for servlet cas threw exception>
javax.naming.AuthenticationException: [LDAP: error code 49 - Bind failed: null]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at org.springframework.ldap.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:59)
    at org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:193)
    at org.springframework..........

From: "Dmitry Kochelaev" <[EMAIL PROTECTED]>
Reply-To: Yale CAS mailing list <[email protected]>
To: "Yale CAS mailing list" <[email protected]>
Subject: Re: LDAP: error code 50- failed on search operation
Date: Fri, 4 May 2007 14:20:29 +0400
Hello,
try
<property name="anonymousReadOnly" value="false" /> instead of "true",
since the anonymous look up is disabled, see the log you've attached:
"failed on search operation: Anonymous binds have been disabled!"
On 5/4/07, xing luming <[EMAIL PROTECTED]> wrote:
>
>sorry, and this is my deployerConfigContext.xml
>
><?xml version="1.0" encoding="UTF-8"?>
><!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
><!--
>| deployerConfigContext.xml centralizes into one file some of the declarative configuration that
>| all CAS deployers will need to modify.
>|
>| This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
>| The beans declared in this file are instantiated at context initialization time by the Spring
>| ContextLoaderListener declared in web.xml. It finds this file because this
>| file is among those declared in the context parameter "contextConfigLocation".
>|
>| By far the most common change you will need to make in this file is to change the last bean
>| declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
>| one implementing your approach for authenticating usernames and passwords.
>+-->
><beans>
>  <!--
>  | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
>  | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
>  | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
>  | implementation and so do not need to change the class of this bean. We include the whole
>  | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
>  | need to change in context.
>  +-->
>  <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>    <!--
>    | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
>    | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
>    | supports the presented credentials.
>    |
>    | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
>    | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
>    | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
>    | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
>    | using.
>    |
>    | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
>    | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
>    | You will need to change this list if you are identifying services by something more or other than their callback URL.
>    +-->
>    <property name="credentialsToPrincipalResolvers">
>      <list>
>        <!--
>        | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
>        | by default and produces SimplePrincipal instances conveying the username from the credentials.
>        |
>        | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
>        | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
>        | Credentials you are using.
>        +-->
>        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>        <!--
>        | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
>        | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
>        | SimpleService identified by that callback URL.
>        |
>        | If you are representing services by something more or other than an HTTPS URL whereat they are able to
>        | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
>        +-->
>        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>      </list>
>    </property>
>    <!--
>    | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
>    | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
>    | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
>    | until it finds one that both supports the Credentials presented and succeeds in authenticating.
>    +-->
>    <property name="authenticationHandlers">
>      <list>
>        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
>          <property name="httpClient" ref="httpClient" />
>        </bean>
>        <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>          <property name="filter" value="uid=%u" />
>          <property name="searchBase" value="ou=system" />
>          <property name="contextSource" ref="contextSource" />
>        </bean>
>      </list>
>    </property>
>  </bean>
>
>  <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>    <property name="anonymousReadOnly" value="true" />
>    <property name="userName" value="uid=admin" />
>    <property name="password" value="secret" />
>    <property name="pooled" value="true" />
>    <property name="urls">
>      <list>
>        <value>ldap://localhost:10389/</value>
>        <value>ldap://localhost:10389/</value>
>      </list>
>    </property>
>    <property name="baseEnvironmentProperties">
>      <map>
>        <entry>
>          <key><value>java.naming.security.authentication</value></key>
>          <value>simple</value>
>        </entry>
>      </map>
>    </property>
>  </bean>
></beans>
>
>From: "xing luming"
>Reply-To: Yale CAS mailing list
>To: [email protected]
>Subject: LDAP: error code 50- failed on search operation
>Date: Fri, 04 May 2007 11:44:45 +0200
>
>
>Thank you for your help! My CAS is working now,
>but I have another error report when I want to log in.
>
>Is there anything wrong in deployerConfigContext.xml?
>
>Have I written the wrong "filter" or "searchBase" or "userName" or anything else?
>
>
>2007-05-04 09:33:14,428 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas-web].[cas]] - <Servlet.service() for servlet cas threw exception>
>javax.naming.NoPermissionException: [LDAP: error code 50 - failed on search operation: Anonymous binds have been disabled!]; remaining name 'ou=system'
>    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2993)
>    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
>    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
>    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
>    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
>    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
>    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
>    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
>    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
>    at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler$1.executeSearch(BindLdapAuthenticationHandler.java:74)
>    at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:268)
>    at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
>    at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
>    at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler.java:58)
>    at org.jasig.........
>
>and here is my system.ldif data.
>
>#-------------------------------------------------------------------------------
># This file has been generated on 05.03.2007 at 11:15 from localhost:10389
># by Softerra LDAP Browser 2.6 (http://www.ldapbrowser.com)
>#-------------------------------------------------------------------------------
>version: 1
>
>dn: ou=system
>ou: system
>objectClass: organizationalUnit
>objectClass: extensibleObject
>objectClass: top
>
>dn: uid=admin,ou=system
>sn: administrator
>objectClass: person
>objectClass: organizationalPerson
>objectClass: inetOrgPerson
>objectClass: top
>cn: system administrator
>userPassword: secret
>uid: admin
>displayName: Directory Superuser
>
>dn: ou=users,ou=system
>ou: users
>objectClass: organizationalUnit
>objectClass: top
>
>dn: ou=groups,ou=system
>ou: groups
>objectClass: organizationalUnit
>objectClass: top
>
>dn: cn=administrators,ou=groups,ou=system
>objectClass: groupOfUniqueNames
>objectClass: top
>cn: Administrators
>uniqueMember: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
>
>dn: ou=configuration,ou=system
>ou: configuration
>objectClass: organizationalUnit
>objectClass: top
>
>dn: ou=partitions,ou=configuration,ou=system
>ou: partitions
>objectClass: organizationalUnit
>objectClass: top
>
>dn: ou=services,ou=configuration,ou=system
>ou: services
>objectClass: organizationalUnit
>objectClass: top
>
>dn: ou=interceptors,ou=configuration,ou=system
>ou: interceptors
>objectClass: organizationalUnit
>objectClass: top
>
>dn: prefNodeName=sysPrefRoot,ou=system
>objectClass: extensibleObject
>objectClass: top
>prefNodeName: sysPrefRoot
>
>
>thank you!!
>
>_______________________________________________
>Yale CAS mailing list
>[email protected]
>http://tp.its.yale.edu/mailman/listinfo/cas
--
Dmitry Kochelaev
eVelopers Corporation
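
Added example, not part of the original thread and not CAS or Spring LDAP code: a small Python check of the contextSource settings discussed above against the entry DNs in the posted system.ldif. The names check_context_source and norm_dn and the finding codes are hypothetical, the embedded XML is a constructed excerpt of the quoted file, and comparing userName with the LDIF DNs assumes the directory holds only those entries.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt of the contextSource bean quoted in the thread.
CONFIG = """<beans>
<bean id="contextSource"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="anonymousReadOnly" value="true" />
  <property name="userName" value="uid=admin" />
  <property name="password" value="secret" />
  <property name="urls"><list>
    <value>ldap://localhost:10389/</value>
    <value>ldap://localhost:10389/</value>
  </list></property>
</bean>
</beans>"""

# Entry DNs copied from the system.ldif quoted in the thread (subset).
LDIF_DNS = ["ou=system", "uid=admin,ou=system", "ou=users,ou=system"]

def norm_dn(dn):
    """Lower-case a DN and trim each RDN (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_context_source(xml_text, known_dns, bean_id="contextSource"):
    """Return finding codes for the LDAP context source bean (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    bean = next((b for b in root.iter("bean") if b.get("id") == bean_id), None)
    if bean is None:
        return ["NO_BEAN"]
    props = {p.get("name"): p for p in bean.findall("property")}

    def val(name):
        return props[name].get("value", "") if name in props else ""

    findings = []
    if val("anonymousReadOnly").lower() == "true":
        # Read-only operations skip the configured bind; a server that
        # disables anonymous binds rejects the user search (error 50).
        findings.append("ANON_READS")
    if val("userName") and norm_dn(val("userName")) not in map(norm_dn, known_dns):
        # A simple bind names an entry by its full DN; a name with no
        # matching entry cannot authenticate (error 49).
        findings.append("BIND_DN_NOT_IN_DIRECTORY")
    urls = [v.text.strip() for v in props["urls"].iter("value")] if "urls" in props else []
    if len(urls) != len(set(urls)):
        findings.append("DUPLICATE_URL")  # a repeated URL adds no failover
    if val("password") and any(u.lower().startswith("ldap://") for u in urls):
        findings.append("CLEARTEXT_BIND")  # simple bind over ldap:// is unencrypted
    return findings
```

Running check_context_source(CONFIG, LDIF_DNS) on the excerpt reports all four findings; the first two correspond to the error 50 and error 49 traces in the thread.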
