Hi there,
I am having communication problems with my Active Directory and CAS. My AD machine is called idm-dc1 and my domain is ExampleOrganization.local. At present, when I try to log in to CAS I am getting an error message from CAS saying "The credentials you provided cannot be determined to be authentic".

I am logging in as one of my users as below and their account details in AD are included for reference. My users are held in an ou called Identities:

userid=t...@testschool.ac.uk
Password=apassword

Ldif for this user in AD:

dn: cn=t...@testschool.ac.uk,OU=Identities,DC=ExampleOrganization,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: t...@testschool.ac.uk
sn: MELDRUM
title: MS
givenName: LAURA
distinguishedName: cn=t...@testschool.ac.uk,OU=Identities,DC=ExampleOrganization,DC=local
instanceType: 4
whenCreated: 20090508082512.0Z
whenChanged: 20090508082512.0Z
uSNCreated: 15381
uSNChanged: 15394
name: t...@testschool.ac.uk
objectGUID:: z0FREwjkVkiMPl67khJCYQ==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 128862447125126250
primaryGroupID: 513
objectSid:: ZHUAAAAAAAUVAAAAtGO
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: $Z21000-CA6B2SF9KI
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ExampleOrganization,DC=local
mail: t...@hotmail.com

My relevant segment of my deploycontextconfig.xml settings is as follows:

<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <property name="filter" value="sAMAccountName=%u" />
  <property name="searchBase" value="ou=Identities,dc=ExampleOrganization,dc=local" />
  <property name="contextSource" ref="contextSource" />
  <property name="ignorePartialResultException" value="yes" />
</bean>
</list>
</property>
</bean>

<bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="urls">
    <list>
      <value>ldap://194.168.0.2</value> <!-- ip address of my AD machine -->
    </list>
  </property>
  <property name="userDn" value="CN=Administrator,CN=Users,DC=ExampleOrganization,DC=local"/>
  <property name="password" value="password"/>
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key>
          <value>java.naming.security.authentication</value>
        </key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>

Can anyone offer advice on where I am going wrong? I have followed the info on settings for communicating with AD and would appreciate advice from someone who is successfully communicating with CAS and AD just using the LDAP method.

Regards

Mike Jones
Identity Management Systems Administrator
IT Systems
University of Hull
Tel: 01482 465549
Email: m.a.jo...@hull.ac.uk
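An offline check of which `attr=%u` search filters the LDIF entry in the message above would satisfy for a given login name. This is an added example, not part of the original message and not CAS code. It assumes the handler substitutes the login name for `%u` and that the filter is a single case-insensitive equality test; the function names are hypothetical and the truncated values are kept exactly as the page shows them.

```python
import base64

# Constructed sample: a subset of the LDIF from the message, with the
# truncated values kept exactly as the page shows them.
LDIF = """\
dn: cn=t...@testschool.ac.uk,OU=Identities,DC=ExampleOrganization,DC=local
cn: t...@testschool.ac.uk
sAMAccountName: $Z21000-CA6B2SF9KI
mail: t...@hotmail.com
objectGUID:: z0FREwjkVkiMPl67khJCYQ==
"""

def parse_ldif(text):
    """Parse one LDIF record into {lowercased attribute: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: ..." marks a base64 value
            value = base64.b64decode(value[1:].strip())
        else:
            value = value.strip()
        entry.setdefault(attr.strip().lower(), []).append(value)
    return entry

def expand_filter(template, login):
    """Replace %u with the login name, escaping RFC 4515 special characters."""
    escaped = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in login)
    return template.replace("%u", escaped)

def evaluate(entry, template, login):
    """Return (expanded filter, whether this entry satisfies it).

    Assumption: the template is a single 'attr=%u' equality test, compared
    case-insensitively as AD does for these string attributes."""
    attr = template.partition("=")[0].strip().lower()
    values = entry.get(attr, [])
    hit = any(isinstance(v, str) and v.lower() == login.lower() for v in values)
    return expand_filter(template, login), hit

if __name__ == "__main__":
    entry = parse_ldif(LDIF)
    for tmpl in ("sAMAccountName=%u", "cn=%u", "mail=%u"):
        print(evaluate(entry, tmpl, "t...@testschool.ac.uk"))
```

Running the same check against an export of the real entry, with the exact string typed at the CAS login form, shows whether the search step can find the account before any bind is attempted.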