Hi everyone,
I am trying to use CAS with an Oracle LDAP server.
It's quite easy to set up CAS with ldap, but when I try to set up CAS with
ldaps, I have a problem.
First, I have to use some Oracle Java libs and a native lib. The Java libs
include ldapjclnt10.jar, jssl-1_1.jar, and the native lib is libnjssl10.so.
Then I implemented my own LdapContextSource.getDirContextInstance(Hashtable
environment). In the default implementation, it just returns new
InitialLdapContext(environment, null); in my implementation, it's something
like:
protected DirContext getDirContextInstance(Hashtable environment) throws NamingException {
    String key = "java.library.path";
    log.debug(key + " = " + System.getProperty(key));
    InitialLdapContext ctx;
    String url = (String) environment.get("java.naming.provider.url");
    String port = "389";
    // set port to 636 when url starts with ldaps, or contains :636
    if (url.startsWith("ldaps:") || url.contains(":636")) {
        port = "636";
    }
    // get rid of ldap:// or ldaps:// from url
    int index = url.indexOf("://");
    String host = url.substring(index + 3);
    // get rid of : and / from url
    index = host.indexOf(":");
    if (index != -1) {
        host = host.substring(0, index);
    }
    index = host.indexOf("/");
    if (index != -1) {
        host = host.substring(0, index);
    }
    String principal = (String) environment.get("java.naming.security.principal");
    String password = (String) environment.get("java.naming.security.credentials");
    try {
        String userDN = principal;
        log.debug("host = " + host + " port = " + port + " userDN = " + userDN);
        if ("636".equals(port)) {
            log.debug("ConnectionUtil.getSSLDirCtx starts");
            // using SSL connection for port 636
            ctx = ConnectionUtil.getSSLDirCtx(host, port, userDN, password);
            log.debug("ConnectionUtil.getSSLDirCtx ends");
        } else {
            log.debug("ConnectionUtil.getDefaultDirCtx starts");
            ctx = ConnectionUtil.getDefaultDirCtx(host, port, userDN, password);
            log.debug("ConnectionUtil.getDefaultDirCtx ends");
        }
    } catch (Exception e) {
        // the underlying exception is only logged at debug level; callers see a generic failure
        log.debug(" - Invalid login attempt for " + principal + ". Exception: " + e);
        throw new NamingException("Invalid login attempt");
    }
    return ctx;
}
If you are familiar with Oracle LDAP, that should be the standard way to get an
LdapContext.
That's all good. When I try mvn jetty:run, it runs fine. But after I deployed
to Tomcat, it won't work.
1. If I don't add libnjssl10.so to java.library.path, under Jetty it will
complain
Root exception is java.lang.UnsatisfiedLinkError: no njssl10 in
java.library.path
which is expected, but under Tomcat there is no complaint.
2. Under Jetty, I can log in with the correct username and password; it works. But
under Tomcat, it won't accept even the correct username and password.
I guess my question is: why does CAS with Oracle LDAP support work differently
under Jetty and Tomcat?
I'd much appreciate it if someone can help me.
Cheers,
Richard
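The post's context source derives host, port and the SSL decision from the provider URL with string searches (a URL is treated as SSL whenever it contains ":636"), and the catch block discards the underlying exception, which is exactly the information needed to tell a missing native library apart from a rejected bind. The class below is an added example, not code from the post or from CAS, Spring LDAP or the Oracle libraries; it parses the same java.naming.provider.url value with java.net.URI, lets the scheme alone decide whether SSL is required, applies the standard default ports (389 for ldap, 636 for ldaps), rejects any other scheme, and shows how to preserve the root cause when converting to a NamingException. The class and method names are assumptions; the sample URLs in main are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.naming.NamingException;

/** Parsed LDAP endpoint: host, port and whether an SSL (ldaps) connection is required. */
public final class LdapEndpoint {
    public final String host;
    public final int port;
    public final boolean ssl;

    private LdapEndpoint(String host, int port, boolean ssl) {
        this.host = host;
        this.port = port;
        this.ssl = ssl;
    }

    /**
     * Derive host, port and SSL requirement from a java.naming.provider.url value.
     * Only the ldap and ldaps schemes are accepted. The scheme decides SSL;
     * the port defaults to 389 (ldap) or 636 (ldaps) when the URL has none.
     */
    public static LdapEndpoint parse(String providerUrl) throws NamingException {
        if (providerUrl == null) {
            throw new NamingException("java.naming.provider.url is not set");
        }
        URI uri;
        try {
            uri = new URI(providerUrl.trim());
        } catch (URISyntaxException e) {
            // keep the original exception so the real failure is visible to callers
            NamingException ne = new NamingException("Malformed provider URL");
            ne.setRootCause(e);
            throw ne;
        }
        String scheme = uri.getScheme();
        boolean ssl;
        if ("ldaps".equalsIgnoreCase(scheme)) {
            ssl = true;
        } else if ("ldap".equalsIgnoreCase(scheme)) {
            ssl = false;
        } else {
            throw new NamingException("Unsupported scheme in provider URL: " + scheme);
        }
        String host = uri.getHost(); // IPv6 literals come back in brackets, e.g. "[::1]"
        if (host == null || host.isEmpty()) {
            throw new NamingException("Provider URL has no host: " + providerUrl);
        }
        int port = uri.getPort();
        if (port == -1) {
            port = ssl ? 636 : 389;
        }
        return new LdapEndpoint(host, port, ssl);
    }

    @Override
    public String toString() {
        return (ssl ? "ldaps" : "ldap") + " host=" + host + " port=" + port;
    }

    public static void main(String[] args) throws NamingException {
        // constructed sample URLs, not taken from any real deployment
        String[] samples = {
            "ldaps://ldap.example.com/dc=example,dc=com",
            "ldap://ldap.example.com:636/",
            "ldap://10.0.0.5",
            "ldaps://[::1]:1636/"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + parse(s));
        }
        try {
            parse("http://ldap.example.com/");
        } catch (NamingException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Note that "ldap://ldap.example.com:636/" is reported as a plain connection here: with URI parsing the scheme is the only thing that selects SSL, so a plain-text URL is never silently upgraded based on the port number, and a misconfigured URL fails at connect time with a clear error instead of working by accident. Chaining the root cause with setRootCause is what lets an UnsatisfiedLinkError or a certificate error surface in the container logs rather than appearing as a generic "Invalid login attempt".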