Wed, 14 Jan 2009 13:13:11 -0800 

Hi all,
 
I'm trying to configure CAS to authenticate against an LDAP using JAAS this is 
my jaas.conf file (configured in -Djava.security.auth.login.config=jaas.conf)  
CAS {edu.uconn.netid.jaas.LDAPLoginModule 
sufficientjava.naming.provider.url="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"java.naming.security.principal="cn=Manager,ou=ait,o=b2b,dc=net"java.naming.security.credentials="secret"Attribute="uid"startTLS="true";};
 
and this is my delpoyConfigContext file
 
<?xml version="1.0" encoding="UTF-8"?><beans 
xmlns="http://www.springframework.org/schema/beans";       
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";       
xmlns:p="http://www.springframework.org/schema/p";       
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";>
 <bean id="authenticationManager" 
class="org.jasig.cas.authentication.AuthenticationManagerImpl">  <property 
name="credentialsToPrincipalResolvers">   <list>    <bean 
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
 />    <bean 
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
 />   </list>  </property>  <property name="authenticationHandlers">   <list>   
 <bean 
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
 p:httpClient-ref="httpClient" />    <bean 
class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" 
/>    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">  
   <property name="filter" value="uid=%u" />     <property name="searchBase" 
value="ou=people,ou=ait,o=b2b,dc=net" />     <property name="contextSource" 
ref="contextSource" />    </bean>   </list>  </property> </bean>
 <bean id="userDetailsService" 
class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">  
<property name="userMap">   <value></value>  </property> </bean>   <bean 
id="attributeRepository" 
class="org.jasig.services.persondir.support.StubPersonAttributeDao">  <property 
name="backingMap">   <map>    <entry key="uid" value="uid" />    <entry 
key="eduPersonAffiliation" value="eduPersonAffiliation" />     <entry 
key="groupMembership" value="groupMembership" />   </map>  </property> </bean>  
<bean id="serviceRegistryDao" 
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />  <!-- LDAP 
context --> <bean id="contextSource" 
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">  
<property name="pooled" value="true"/>  <property name="urls">   <list>    
<value>ldap://ladpsrv:389/ou=ait,o=b2b,dc=net</value>   </list>  </property>  
<property name="userName" value="cn=Manager,ou=ait,o=b2b,dc=net"/>  <property 
name="password" value="secret"/>  <property name="baseEnvironmentProperties">   
<map>    <entry>     <key>      
<value>java.naming.security.authentication</value>     </key>     
<value>simple</value>    </entry>        <entry>     <key>      
<value>ldap.initial.context.factory</value>     </key>     
<value>com.sun.jndi.ldap.LdapCtxFactory</value>    </entry>   </map>  
</property> </bean> </beans>
 
when I try to login I get a bad credential my ldap schema is 
ou=ait,o=b2b,dc=net    ou=people         uid=user1         uid=user2    
ou=roles        cn=role1             uniqueMember: 
uid=user1,ou=people,ou=ait,o=b2b,dc=net        cn=role2             
uniqueMember: uid=user2,ou=people,ou=ait,o=b2b,dc=net  When I use the tomcat 
JNDIRealm, it works fine  <Realm 
className="org.apache.catalina.realm.JNDIRealm"            
connectionURL="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net";           
userPattern="uid={0},ou=people,ou=ait,o=b2b,dc=net"           
roleBase="ou=roles,ou=ait,o=b2b,dc=net"           roleName="cn"           
roleSearch="(uniqueMember={0})" />  any help please? thanks a lot.
_________________________________________________________________
Découvrez toutes les possibilités de communication avec vos proches
http://www.microsoft.com/windows/windowslive/default.aspx
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
  • [no subject] inas inassen
    • Re: Adam Rybicki

Reply via email to