Thanks to those who helped with this problem. After I commented out the following from deployerConfigContext.xml, CAS-LDAP authentication is working.

    <entry>
      <key><value>java.naming.security.protocol</value></key>
      <value>ssl</value>
    </entry>

Thanks again,
Aziz

-----Original Message-----
From: Darouichi, Aziz [mailto:adaro...@post03.curry.edu]
Sent: Friday, February 10, 2012 4:05 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] simple bind failed error.

Hi Ben,

This is a copy of the LDAP bean. As you can see, I am using ldap://. These two LDAP servers are test servers built for CAS testing, and they are replicating each other.

    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
      <property name="anonymousReadOnly" value="false" />
      <property name="password" value="Password" />
      <property name="pooled" value="true" />
      <property name="urls">
        <list>
          <value>ldap://ldap3.curry.edu:389/</value>
          <value>ldap://ldap1.curry.edu:389/</value>
        </list>
      </property>
      <property name="userDn" value="ldap" />
      <property name="baseEnvironmentProperties">
        <map>
          <entry>

-----Original Message-----
From: Ben Branch [mailto:bbra...@uco.edu]
Sent: Friday, February 10, 2012 3:09 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] simple bind failed error.

In your deployerConfigContext.xml, when configuring your ldap url, are you using ldaps:// or ldap:// ? That would be the only reason I could think of that would cause the CAS to initiate an SSL connection to the LDAP server. I know in some of the documentation it mentions to use ldaps in the url and you may have done this on accident, not knowing that you needed an SSL cert to use ldaps.

This is from my deployerConfigContext.xml (non-ssl configuration to Active Directory LDAP) from my test environment for reference:

    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
      <property name="pooled" value="false"/>
      <property name="url" value="ldap://test.domain.local" />
      <!-- Service Account user ID/Password -->
      <property name="userDn" value="cas_service_account@domain.local"/>
      <property name="password" value="password_goes_here"/>
      <property name="baseEnvironmentProperties">
        <map>
          <!-- Three seconds is an eternity to users. -->
          <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
          <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
          <entry key="java.naming.security.authentication" value="simple" />
        </map>
      </property>
    </bean>

I hope this helps.

Ben Branch
Sun Administrator
University of Central Oklahoma
ITIL Foundation v3, Network+
100 N. University Drive, Box 122
Edmond, OK 73034
D: 405.974.2649 | M: 405.550.6804 | bbra...@uco.edu | www.uco.edu

"If you wish to know your past, look at your present conditions. If you wish to know your future, look at your present actions." - Siddhartha Gautama

-----Original Message-----
From: Darouichi, Aziz [mailto:adaro...@post03.curry.edu]
Sent: Friday, February 10, 2012 1:29 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] simple bind failed error.

I am trying to connect to OpenLDAP 2.3.43. This is a test project for now. Is it possible to bind to LDAP without SSL? I want to make sure it works before I spend the money on SSL.

Thanks,
Aziz

-----Original Message-----
From: Marvin S. Addison [mailto:marvin.addi...@gmail.com]
Sent: Friday, February 10, 2012 12:41 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] simple bind failed error.

> Sorry I am not using TLS or SSL in LDAP.

Something on the CAS side sure thinks you want SSL:

    [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]

What directory are you connecting to? Most require SSL/TLS to perform a successful bind, so even if that's not the problem now, it will likely come up before you have a successful deployment.

M

--
You are currently subscribed to cas-user@lists.jasig.org as: adaro...@post03.curry.edu
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

**Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and Green! Please print this e-mail only if absolutely necessary!

**CONFIDENTIALITY** This e-mail (including any attachments) may contain confidential, proprietary and privileged information. Any unauthorized disclosure or use of this information is prohibited.
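
Added example, not part of the original thread or of CAS: a small Python check that parses an LdapContextSource bean and flags the mismatch resolved above, where java.naming.security.protocol=ssl is set while the URLs are ldap:// on port 389. The function names and finding labels are hypothetical, and the sample bean is constructed from the one quoted in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the bean quoted in the thread, reduced to the relevant properties.
SAMPLE = """<bean id="contextSource"
      class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="urls"><list>
    <value>ldap://ldap3.curry.edu:389/</value>
    <value>ldap://ldap1.curry.edu:389/</value>
  </list></property>
  <property name="baseEnvironmentProperties"><map>
    <entry><key><value>java.naming.security.protocol</value></key><value>ssl</value></entry>
  </map></property>
</bean>"""

def _local(el):
    return el.tag.rsplit("}", 1)[-1]  # tag name without XML namespace

def _values(el):
    return [v.text.strip() for v in el.iter() if _local(v) == "value" and v.text]

def parse_context_source(xml_text):
    """Return (urls, env) for an LdapContextSource bean definition."""
    urls, env = [], {}
    for prop in ET.fromstring(xml_text).iter():
        if _local(prop) != "property":
            continue
        if prop.get("name") in ("url", "urls"):
            urls += ([prop.get("value")] if prop.get("value") else []) + _values(prop)
        elif prop.get("name") == "baseEnvironmentProperties":
            for e in (x for x in prop.iter() if _local(x) == "entry"):
                vals = _values(e)  # nested <key><value>..</value></key><value>..</value> form
                key = e.get("key") or (vals.pop(0) if vals else "")
                env[key] = e.get("value") or (vals[0] if vals else "")
    return urls, env

def lint(xml_text):
    """Flag each URL whose scheme disagrees with the JNDI security protocol."""
    urls, env = parse_context_source(xml_text)
    ssl = env.get("java.naming.security.protocol", "").lower() == "ssl"
    findings = []
    for u in urls:
        if u.lower().startswith("ldap://") and ssl:
            # TLS handshake is sent to the plain LDAP listener: handshake error
            findings.append((u, "ssl-on-plain-port"))
        elif u.lower().startswith("ldap://"):
            # Bind DN and password cross the wire unencrypted (StartTLS set up
            # through an authenticationStrategy is not detected here)
            findings.append((u, "plaintext-transport"))
    return findings
```

Removing the ssl entry, as was done in the thread, clears the first finding but leaves the second: the service account bind still travels in cleartext until the URLs move to ldaps:// or StartTLS is configured.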