Hello,

Try
<property name="anonymousReadOnly" value="false" /> instead of "true",
since the anonymous lookup is disabled; see the log you've attached:
"failed on search operation: Anonymous binds have been disabled!"

On 5/4/07, xing luming <[EMAIL PROTECTED]> wrote:



sorry, and this is my deployerConfigContext.xml


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
    | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
    | all CAS deployers will need to modify.
    |
    | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
    | The beans declared in this file are instantiated at context initialization time by the Spring
    | ContextLoaderListener declared in web.xml. It finds this file because this
    | file is among those declared in the context parameter "contextConfigLocation".
    |
    | By far the most common change you will need to make in this file is to change the last bean
    | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
    | one implementing your approach for authenticating usernames and passwords.
    +-->
<beans>
    <!--
        | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
        | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
        | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
        | implementation and so do not need to change the class of this bean. We include the whole
        | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
        | need to change in context.
        +-->
    <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <!--
            | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
            | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
            | supports the presented credentials.
            |
            | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
            | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
            | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
            | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
            | using.
            |
            | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
            | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
            | You will need to change this list if you are identifying services by something more or other than their callback URL.
            +-->
        <property name="credentialsToPrincipalResolvers">
            <list>
                <!--
                    | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
                    | by default and produces SimplePrincipal instances conveying the username from the credentials.
                    |
                    | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
                    | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
                    | Credentials you are using.
                    +-->
                <bean
                    class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <!--
                    | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
                    | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
                    | SimpleService identified by that callback URL.
                    |
                    | If you are representing services by something more or other than an HTTPS URL whereat they are able to
                    | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
                    +-->
                <bean
                    class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>
        <!--
            | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
            | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
            | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
            | until it finds one that both supports the Credentials presented and succeeds in authenticating.
            +-->
        <property name="authenticationHandlers">
            <list>
                <bean
                    class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
                    <property name="httpClient" ref="httpClient" />
                </bean>

                <bean
                    class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <property name="filter" value="uid=%u" />
                    <property name="searchBase" value="ou=system" />
                    <property name="contextSource" ref="contextSource" />
                </bean>
            </list>
        </property>
    </bean>

    <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="anonymousReadOnly" value="true" />
        <property name="userName" value="uid=admin" />
        <property name="password" value="secret" />
        <property name="pooled" value="true" />
        <property name="urls">
            <list>
                <value>ldap://localhost:10389/</value>
                <value>ldap://localhost:10389/</value>
            </list>
        </property>
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key><value>java.naming.security.authentication</value></key>
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>
</beans>















From: "xing luming"
Reply-To: Yale CAS mailing list
To: [email protected]
Subject: LDAP: error code 50- failed on search operation
Date: Fri, 04 May 2007 11:44:45 +0200


Thank you for your help! My CAS is working now.
But I have another error report when I want to log in.

Is there anything wrong in deployerConfigContext.xml?

Have I written a wrong "filter" or "searchBase" or "userName" or anything else?


2007-05-04 09:33:14,428 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas-web].[cas]] - ion>
javax.naming.NoPermissionException: [LDAP: error code 50 - failed on search operation: Anonymous binds have been disabled!]; remaining name 'ou=system'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2993)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
        at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler$1.executeSearch(BindLdapAuthenticationHandler.java:74)
        at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:268)
        at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
        at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
        at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler.java:58)
        at org.jasig.........






and here is my system.ldif data.




#-------------------------------------------------------------------------------
# This file has been generated on 05.03.2007 at 11:15 from localhost:10389
# by Softerra LDAP Browser 2.6 (http://www.ldapbrowser.com)
#-------------------------------------------------------------------------------
version: 1

dn: ou=system
ou: system
objectClass: organizationalUnit
objectClass: extensibleObject
objectClass: top

dn: uid=admin,ou=system
sn: administrator
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: system administrator
userPassword: secret
uid: admin
displayName: Directory Superuser

dn: ou=users,ou=system
ou: users
objectClass: organizationalUnit
objectClass: top

dn: ou=groups,ou=system
ou: groups
objectClass: organizationalUnit
objectClass: top

dn: cn=administrators,ou=groups,ou=system
objectClass: groupOfUniqueNames
objectClass: top
cn: Administrators
uniqueMember: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system

dn: ou=configuration,ou=system
ou: configuration
objectClass: organizationalUnit
objectClass: top

dn: ou=partitions,ou=configuration,ou=system
ou: partitions
objectClass: organizationalUnit
objectClass: top

dn: ou=services,ou=configuration,ou=system
ou: services
objectClass: organizationalUnit
objectClass: top

dn: ou=interceptors,ou=configuration,ou=system
ou: interceptors
objectClass: organizationalUnit
objectClass: top

dn: prefNodeName=sysPrefRoot,ou=system
objectClass: extensibleObject
objectClass: top
prefNodeName: sysPrefRoot


thank you!!




_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas




--
Dmitry Kochelaev
eVelopers Corporation
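
Added example (not part of the original thread and not CAS or Spring LDAP code): a small Python check over the posted contextSource bean that flags the setting the reply points at, plus two related points visible in the posted configuration. The function names, finding codes, the single-RDN heuristic and the assumed default of "false" for anonymousReadOnly are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the contextSource bean as posted in the thread (trimmed).
POSTED = """
<beans>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="anonymousReadOnly" value="true" />
    <property name="userName" value="uid=admin" />
    <property name="password" value="secret" />
    <property name="urls">
      <list><value>ldap://localhost:10389/</value></list>
    </property>
  </bean>
</beans>
"""

def simple_props(bean):
    """Map the name/value pairs of a bean's direct <property> children."""
    return {p.get("name"): p.get("value")
            for p in bean.findall("property") if p.get("value") is not None}

def check_context_source(xml_text, bean_id="contextSource"):
    """Return (code, message) findings for the LDAP context source bean."""
    root = ET.fromstring(xml_text)
    bean = next((b for b in root.iter("bean") if b.get("id") == bean_id), None)
    if bean is None:
        return [("NO_BEAN", f"bean '{bean_id}' not found")]
    props = simple_props(bean)
    urls = [v.text.strip()
            for v in bean.findall("property[@name='urls']//value") if v.text]
    findings = []
    # Assumption: an absent anonymousReadOnly property behaves as "false".
    if props.get("anonymousReadOnly", "false").lower() == "true":
        findings.append(("ANON_SEARCH", "the uid search runs on an anonymous "
                         "context; it fails when the server disables anonymous binds"))
    user = props.get("userName", "")
    if user and "," not in user:  # heuristic: one RDN is rarely a full DN
        findings.append(("BIND_DN", f"userName '{user}' is a single RDN; a simple "
                         "bind normally needs the entry's full DN"))
    if props.get("password") and any(u.lower().startswith("ldap://") for u in urls):
        findings.append(("CLEARTEXT", "simple bind over ldap:// sends the "
                         "password unencrypted"))
    return findings

if __name__ == "__main__":
    for code, msg in check_context_source(POSTED):
        print(code, "-", msg)
```

The BIND_DN finding reflects the posted system.ldif, where the admin entry's DN is uid=admin,ou=system rather than uid=admin.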