Laura,

Hrmmm, just a couple of quick things:

1. There is a wiki article on the JA-SIG site about the LDAP authentication handler that is worth checking out ( http://www.ja-sig.org/wiki/display/CASUM/LDAP )
2. In your contextSource bean, you specify anonymousReadOnly="false"; if this is intentional, make sure you are providing the username and password properties
3. In your baseEnvironmentProperties, you specify java.naming.security.protocol; I don't know if this is necessary as you are specifying LDAPS for your LDAP URLs. Try commenting this out and see if that changes anything.

Those are my knee-jerk thoughts; hope they help.

A-

On 8/27/08 5:26 AM, "Laura QCaballero" <[EMAIL PROTECTED]> wrote:

> Thanks Andrew for your quick answer.
>
> I got the certificate from the LDAP server, and I have imported it to my
> keystore. Now, when I try to log in to CAS, it tells me that my credentials are
> invalid.
>
> Could it be that instead of the LDAP server name I have written the server IP
> address in deployerConfigContext.xml??
>
> Thanks again!
>
> Here is my deployerConfigContext.xml:
>
>         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>             <property name="filter" value="uid=%u" />
>             <property name="searchBase" value="dc=aaa, dc=aaa, dc=aa"/> (those aaa are the dc of the ldap)
>             <property name="contextSource" ref="contextSource" />
>         </bean>
>     </list>
>   </property>
> </bean>
>
> <bean id="contextSource"
>       class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>   <property name="anonymousReadOnly" value="false"/>
>   <property name="pooled" value="true"/>
>   <property name="urls">
>     <list>
>       <value>ldaps://XXX.XXX.XX.XX:636</value> (those XXX are the IP of the LDAP server)
>     </list>
>   </property>
>   <property name="baseEnvironmentProperties">
>     <map>
>       <entry>
>         <key>
>           <value>java.naming.security.protocol</value>
>         </key>
>         <value>ssl</value>
>       </entry>
>       <entry>
>         <key>
>           <value>java.naming.security.authentication</value>
>         </key>
>         <value>simple</value>
>       </entry>
>     </map>
>   </property>
> </bean>
>
>> Laura,
>>
>> It appears that Tomcat is having issues with the SSL certificate used by
>> your OpenLDAP server; i.e. it does not trust it. I am having trouble
>> accessing the URL you specified within your email
>> (http://www.ja-sig.org/wiki/pages/viewpage.action?pageId=10649670). If you
>> are handling SSL certificates with keystores, then you will need to add the
>> LDAP server's SSL certificate to your keystore.
>>
>> A-
>>
>>> My deployerConfigContext is:
>>>
>>> ldaps://XXX.XXX.XX.XX:636/
>>>
>>> Can I use an IP address there instead of LDAP server name?
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
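A standalone check that separates the two failures seen in this thread (an untrusted LDAPS certificate versus invalid credentials) and exercises the authenticated search that anonymousReadOnly="false" calls for. This is an added example, not code from the thread or from CAS; the class name, URL and search base are placeholders, and it assumes a search-then-bind sequence using the uid filter from the quoted configuration.

```java
import java.io.Console;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
// Added diagnostic, not CAS code. URL and SEARCH_BASE are placeholders to replace.
public class LdapBindCheck {
    static final String URL = "ldaps://ldap.example.org:636"; // ldaps:// already selects TLS
    static final String SEARCH_BASE = "dc=example,dc=org";

    static DirContext bind(String dn, char[] pw) throws NamingException {
        if (pw.length == 0) // an empty password turns a simple bind into an anonymous one
            throw new AuthenticationException("empty password refused");
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws NamingException {
        Console con = System.console();
        if (con == null || args.length != 2) {
            System.err.println("usage (interactive): java LdapBindCheck <serviceDn> <uid>");
            System.exit(2);
        }
        try {
            // 1. Bind as the account the contextSource would use for searching.
            DirContext ctx = bind(args[0], con.readPassword("Password for %s: ", args[0]));
            // 2. Find the user's entry; JNDI escapes the {0} argument in the filter.
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> hits =
                ctx.search(SEARCH_BASE, "(uid={0})", new Object[] { args[1] }, sc);
            String userDn = hits.hasMore() ? hits.next().getNameInNamespace() : null;
            ctx.close();
            if (userDn == null) {
                System.out.println("search OK, but no entry matches uid=" + args[1]);
                return;
            }
            // 3. Bind as the entry that was found, with the user's own password.
            bind(userDn, con.readPassword("Password for %s: ", userDn)).close();
            System.out.println("bind OK as " + userDn);
        } catch (CommunicationException e) {  // TLS trust or connectivity problem
            System.out.println("connection/TLS failure: " + e.getRootCause());
        } catch (AuthenticationException e) { // rejected bind (LDAP result code 49)
            System.out.println("invalid credentials: " + e.getMessage());
        }
    }
}
```

Run it with the same truststore Tomcat uses (the standard `-Djavax.net.ssl.trustStore=<path>` system property) so the certificate check matches what CAS sees.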
