Again, I believe it would be helpful to clarify a few things:

- Administrator is a service account in this case. (It is by all measures a poor choice, but meets the criteria.)
- The username/password properties in your contextSource bean are _not used_ with the fast bind handler.
- If you need to use a service account to search for users, you need to use BindLdapAuthenticationHandler.

If all the users you wish to authenticate have DNs like [email protected],OU=Identities,DC=ExampleOrganization,DC=local, then you should be able to use FastBindLdapAuthenticationHandler as follows:

    <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
      <!-- %u is replaced with the username entered at login; the result is the bind DN -->
      <property name="filter" value="cn=%u,ou=Identities,dc=ExampleOrganization,dc=local" />
      <property name="contextSource" ref="contextSource" />
    </bean>

    <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
      <property name="urls">
        <list>
          <value>ldap://198.168.0.1</value>
        </list>
      </property>
      <property name="baseEnvironmentProperties">
        <map>
          <entry key="java.naming.security.authentication" value="simple" />
        </map>
      </property>
    </bean>

(Note org.springframework.ldap.core.support.LdapContextSource replaces org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource as of CAS 3.3.2.)

Assuming [email protected] is a valid CN, you should be able to authenticate with that username.

Testing with LDP is the way to go. If you can bind with a DN in LDP, the same settings will work in CAS. Spend your time testing with LDP until you get a DN/password pair that works, then come back to CAS and test.

M
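The DN/password bind test described in the message above, written with JNDI as an added example; it is not part of the original message and is not CAS code. The class name FastBindCheck, its command-line arguments, the RFC 4514 escaping of the username and the empty-password check are assumptions of this example.

```java
import java.io.Console;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class FastBindCheck {
    // Build the bind DN from a template such as "cn=%u,ou=Identities,dc=...".
    // Escaping the value is this example's choice, so ',' or '+' in a name cannot reshape the DN.
    static String bindDn(String template, String username) {
        return template.replace("%u", Rdn.escapeValue(username));
    }

    // True if the directory accepts a simple bind as dn with the given password.
    static boolean canBind(String url, String dn, String password) {
        // An empty password makes a simple bind an unauthenticated bind (RFC 4513, 5.1.2),
        // which some servers accept, so it is never counted as a successful login here.
        if (password == null || password.isEmpty()) return false;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // java.naming.security.authentication
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // the bind happens when the context is created
            return true;
        } catch (NamingException e) {
            System.err.println("bind failed: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (args.length != 3 || console == null) {
            System.err.println("usage (interactive): java FastBindCheck.java <ldap-url> <dn-template> <username>");
            System.exit(2);
        }
        String dn = bindDn(args[1], args[2]);
        System.out.println("binding as: " + dn);
        char[] pw = console.readPassword("password: ");
        System.out.println(canBind(args[0], dn, new String(pw)) ? "bind OK" : "bind FAILED");
    }
}
```

No service-account credentials appear anywhere in the check: the only identity presented to the directory is the DN built from the template and the password typed for it.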
