Thanks Andrew for your quick answer.
I got the certificate from the LDAP server, and I have imported it to my
keystore. Now, when I try to login to CAS, it tells that my credentials are
invalid.
Could be that instead of the LDAP server name I have wroten the server IP
address on deployerConfigContext.xml??
Thanks again!
Here it is my deployerConfigContext.xml:
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
<property name="filter" value="uid=%u" />
<property name="searchBase" value="dc=aaa, dc=aaa, dc=aa"/> (those aaa are
the dc of the ldap) <property name="contextSource"
ref="contextSource" /> </bean> </list>
</property> </bean> <bean id="contextSource"
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
<property name="anonymousReadOnly" value="false"/> <property name="pooled"
value="true"/> <property name="urls"> <list>
<value>ldaps://XXX.XXX.XX.XX:636/</value> (those XXX are the IP of the LDAP
server) </list> </property> <property
name="baseEnvironmentProperties"> <map> <entry>
<key> <value>java.naming.security.protocol</value>
</key> <value>ssl</value> </entry>
<entry> <key>
<value>java.naming.security.authentication</value> </key>
<value>simple</value> </entry> </map>
</property></bean>
> Laura,> > It appears that Tomcat is having issues with the SSL certificate
> used by> your OpenLDAP server; i.e. it does not trust it. I am having
> trouble> accessing the URL you specified within your email>
> (http://www.ja-sig.org/wiki/pages/viewpage.action?pageId=10649670). If you>
> are handling SSL certificates with keystores, then you will need to add the>
> LDAP server?s SSL certificate to your keystore.> > A-> > > My
> deployerConfigContext is:> > > > > > ldaps://XXX.XXX.XX.XX:636/> > > > > > >
> > Can I use an IP address there instead of LDAP server name?> >
_________________________________________________________________
¿Quieres los emoticonos y guiños más divertidos? Descárgate Internet Explorer
7, y consigue contenidos exclusivos cada semana. ¡Gratis!
http://www.vivelive.com/IEAK7_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas