Make sure you're using the latest code from SVN. AuthenticatedLdapContextSource has been replaced with LdapContextSource from Spring-LDAP 1.3.0
-Eric

Eric Pierce, RHCE -- University of South Florida -- (813) 974-8868 -- epie...@usf.edu

On Mon, Apr 6, 2009 at 3:14 PM, Borchers, Kristopher C. <kborch...@sxu.edu> wrote:
> Eric,
>
> I actually tracked down what the problem was and just got it working. I
> had to modify AuthenticatedLdapContextSource to check the error there
> against the regular expressions and then throw the appropriate error to
> BindLdapAuthenticationHandler which catches each error and re-throws it to
> be caught by AuthenticationViaFormAction. Without those modifications,
> AuthenticatedLdapContextSource always threw
> DataAccessResourceFailureException. I have pasted the relevant chunks of
> code below. To answer your other question, I am using Microsoft Active
> Directory.
>
> AuthenticatedLdapContextSource Code:
>
> try {
>     return getDirContextInstance(environment);
> } catch (final NamingException e) {
>     String details = e.getMessage();
>
>     // see if the password has expired
>     Pattern pattern = Pattern
>         .compile(ExpiredPasswordException.EXPIRED_PASSWORD_ERROR_REGEX);
>     Matcher matcher = pattern.matcher(details);
>     if (matcher.find()) {
>         throw new ExpiredPasswordException();
>     } else {
>         // see if the account is locked
>         pattern = Pattern
>             .compile(AccountLockedException.ACCOUNT_LOCKED_ERROR_REGEX);
>         matcher = pattern.matcher(details);
>         if (matcher.find()) {
>             throw new AccountLockedException();
>         } else {
>             // see if the account is disabled
>             pattern = Pattern
>                 .compile(AccountDisabledException.ACCOUNT_DISABLED_ERROR_REGEX);
>             matcher = pattern.matcher(details);
>             if (matcher.find()) {
>                 throw new AccountDisabledException();
>             }
>         }
>     }
>     throw new DataAccessResourceFailureException("Unable to create DirContext");
> }
>
> BindLdapAuthenticationHandler code:
>
> for (final String dn : cns) {
>     DirContext test = null;
>     String finalDn = composeCompleteDnToCheck(dn, credentials);
>     try {
>         test = this.getContextSource().getDirContext(
>             finalDn,
>             credentials.getPassword());
>
>         if (test != null) {
>             return true;
>         }
>     } catch (final ExpiredPasswordException e) {
>         throw e;
>     } catch (final AccountLockedException e) {
>         throw e;
>     } catch (final AccountDisabledException e) {
>         throw e;
>     } catch (final Exception e) {
>         // if we catch any other exception, just try the next cn
>     } finally {
>         LdapUtils.closeContext(test);
>     }
> }
>
> Hope that helps someone else.
>
> Thanks,
> Kris
>
> Kristopher Borchers
> Web Application Developer - Content Analyst
> Saint Xavier University
> Ph. 773-298-3924
> kborch...@sxu.edu
> www.sxu.edu
>
> Saint Xavier University - Success with Purpose.
>
> Saint Xavier University, a Catholic institution inspired by the heritage of
> the Sisters of Mercy, educates men and women to search for truth, to think
> critically, to communicate effectively, and to serve wisely and
> compassionately in support of human dignity and the common good.
>
> -----Original Message-----
> From: epie...@mail.usf.edu [mailto:epie...@mail.usf.edu] On Behalf Of Eric Pierce
> Sent: Monday, April 06, 2009 1:42 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Password Expiration Revisited
>
> All of the changes are in BindLdapAuthenticationHandler and
> AuthenticationViaFormAction:
>
> In BindLdapAuthenticationHandler, if there was an exception creating a
> new LDAP Context, it grabs the error message in the exception and
> compares it to the regular expressions for each of the new exception
> types (AccountLockedException, ExpiredPassException, etc). If the
> message matches a pattern, that exception is thrown.
>
> AuthenticationViaFormAction then checks the error code included in the
> exception and sets the webflow endpoint to show the appropriate error
> message.
>
> If the error message that your LDAP server sent doesn't match the
> REGEX, you'll just get back a BadCredentialsAuthenticationException,
> so that might be the issue.
> Can you turn logging up to DEBUG for
> Spring-LDAP and let me know what the error from your server is? By
> the way, what LDAP server are you using?
>
> -Eric
>
> Eric Pierce, RHCE -- University of South Florida -- (813) 974-8868
> -- epie...@usf.edu
>
> On Mon, Apr 6, 2009 at 10:48 AM, Borchers, Kristopher C.
> <kborch...@sxu.edu> wrote:
> >
> > Eric,
> >
> > I am attempting to implement the changes you have made to detect LDAP
> > errors but have run into a snag.
> >
> > Did you make any modifications to the authenticate method in
> > org.jasig.cas.authentication.AuthenticationManagerImpl? The reason I ask is
> > that I am always getting BadCredentialsAuthenticationException which is to
> > be expected since that method is designed to return that exception for any
> > exception that happens in order to continue processing other handlers. Did
> > you have to make modification to catch the new exceptions you are throwing
> > from org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler?
> >
> > Sorry if this doesn't make sense as I am still pretty new to Java and CAS
> > but feel like I have a pretty good grip on it and can't understand where
> > your new exceptions are caught.
> >
> > Thanks,
> >
> > Kris
> >
> > Kristopher Borchers
> > Web Application Developer - Content Analyst
> > Saint Xavier University
> > Ph. 773-298-3924
> > kborch...@sxu.edu
> > www.sxu.edu
> >
> > ________________________________
> >
> > From: epie...@mail.usf.edu [mailto:epie...@mail.usf.edu] On Behalf Of Eric Pierce
> > Sent: Thursday, April 02, 2009 11:05 AM
> > To: cas-user@lists.jasig.org
> > Subject: [cas-user] Password Expiration Revisited
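
The error-message-to-exception mapping discussed in this thread, as an added example that is not part of the original messages or of the CAS code base: it classifies a failed bind by the Active Directory sub-code in the exception text, compiles the patterns once, and tolerates an exception with no message. The class and enum names, the patterns and the sample messages are assumptions constructed for illustration; 532, 533, 775 and 52e are the sub-codes Active Directory uses for expired password, disabled account, locked account and invalid credentials.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;

// Added illustration: class, enum, patterns and samples are assumptions, not CAS code.
public class LdapBindErrorClassifier {

    enum BindFailure { PASSWORD_EXPIRED, ACCOUNT_LOCKED, ACCOUNT_DISABLED, OTHER }

    // Active Directory puts the reason in a hex sub-code after "data".
    // Patterns are compiled once here, not on every failed bind.
    private static final Map<Pattern, BindFailure> RULES = new LinkedHashMap<>();
    static {
        RULES.put(Pattern.compile("\\bdata 532\\b"), BindFailure.PASSWORD_EXPIRED);
        RULES.put(Pattern.compile("\\bdata 775\\b"), BindFailure.ACCOUNT_LOCKED);
        RULES.put(Pattern.compile("\\bdata 533\\b"), BindFailure.ACCOUNT_DISABLED);
    }

    static BindFailure classify(NamingException e) {
        String details = e.getMessage();
        if (details == null) {
            return BindFailure.OTHER; // no text to inspect; matcher(null) would throw
        }
        for (Map.Entry<Pattern, BindFailure> rule : RULES.entrySet()) {
            if (rule.getKey().matcher(details).find()) {
                return rule.getValue();
            }
        }
        return BindFailure.OTHER; // caller reports this as bad credentials
    }

    public static void main(String[] args) {
        // Constructed messages in the shape AD returns for LDAP result code 49;
        // the DSID and trailing token are placeholders.
        String shape = "[LDAP: error code 49 - 80090308: LdapErr: DSID-XXXXXXXX, "
                + "comment: AcceptSecurityContext error, data %s, vXXXX]";
        for (String code : new String[] {"532", "775", "533", "52e"}) {
            NamingException e = new AuthenticationException(String.format(shape, code));
            System.out.println("data " + code + " -> " + classify(e));
        }
        // An exception with no message falls through to OTHER instead of failing.
        System.out.println("null -> " + classify(new AuthenticationException()));
    }
}
```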