Inas,

Is there any reason you are going through JAAS for LDAP authentication instead of using the LDAP authentication handler?

LDAP wiki entry: http://www.ja-sig.org/wiki/display/CASUM/LDAP
JAAS wiki entry: http://www.ja-sig.org/wiki/display/CASUM/JAAS

HTH,
A-

On 1/15/09 2:51 PM, "inas inassen" <mezgh...@hotmail.com> wrote:

> Hi all,
>
> I'm trying to configure CAS to authenticate against an LDAP and my
> applications are using JAAS as an Authentication and Authorization framework.
>
> Everything works fine using Tomcat JNDIRealm.
>
> My Tomcat JNDIRealm:
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>        connectionURL="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
>        userPattern="uid={0},ou=people,ou=ait,o=b2b,dc=net"
>        roleBase="ou=roles,ou=ait,o=b2b,dc=net"
>        roleName="cn"
>        roleSearch="(uniqueMember={0})" />
>
> This is my jaas.conf file (configured in
> -Djava.security.auth.login.config=jaas.conf):
>
> CAS {
>     edu.uconn.netid.jaas.LDAPLoginModule sufficient
>         java.naming.provider.url="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
>         java.naming.security.principal="cn=Manager,ou=ait,o=b2b,dc=net"
>         java.naming.security.credentials="secret"
>         Attribute="uid"
>         startTLS="true";
> };
>
> And this is my deployerConfigContext file:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>        xmlns:p="http://www.springframework.org/schema/p"
>        xsi:schemaLocation="http://www.springframework.org/schema/beans
>        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>   <bean id="authenticationManager"
>         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>     <property name="credentialsToPrincipalResolvers">
>       <list>
>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>       </list>
>     </property>
>     <property name="authenticationHandlers">
>       <list>
>         <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>               p:httpClient-ref="httpClient" />
>         <bean class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" />
>         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>           <property name="filter" value="uid=%u" />
>           <property name="searchBase" value="ou=people,ou=ait,o=b2b,dc=net" />
>           <property name="contextSource" ref="contextSource" />
>         </bean>
>       </list>
>     </property>
>   </bean>
>
>   <bean id="userDetailsService"
>         class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
>     <property name="userMap">
>       <value></value>
>     </property>
>   </bean>
>
>   <bean id="attributeRepository"
>         class="org.jasig.services.persondir.support.StubPersonAttributeDao">
>     <property name="backingMap">
>       <map>
>         <entry key="uid" value="uid" />
>         <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
>         <entry key="groupMembership" value="groupMembership" />
>       </map>
>     </property>
>   </bean>
>
>   <bean id="serviceRegistryDao"
>         class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
>
>   <!-- LDAP context -->
>   <bean id="contextSource"
>         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>     <property name="pooled" value="true"/>
>     <property name="urls">
>       <list>
>         <value>ldap://ladpsrv:389/ou=ait,o=b2b,dc=net</value>
>       </list>
>     </property>
>     <property name="userName" value="cn=Manager,ou=ait,o=b2b,dc=net"/>
>     <property name="password" value="secret"/>
>     <property name="baseEnvironmentProperties">
>       <map>
>         <entry>
>           <key>
>             <value>java.naming.security.authentication</value>
>           </key>
>           <value>simple</value>
>         </entry>
>
>         <entry>
>           <key>
>             <value>ldap.initial.context.factory</value>
>           </key>
>           <value>com.sun.jndi.ldap.LdapCtxFactory</value>
>         </entry>
>       </map>
>     </property>
>   </bean>
>
> </beans>
>
> My LDAP schema is:
>
> ou=ait,o=b2b,dc=net
>   ou=people
>     uid=user1
>     uid=user2
>   ou=roles
>     cn=role1
>       uniqueMember: uid=user1,ou=people,ou=ait,o=b2b,dc=net
>     cn=role2
>       uniqueMember: uid=user2,ou=people,ou=ait,o=b2b,dc=net
>
> When I try to log in I get a bad credential.
>
> Any help please?
>
> Thanks a lot.
>
> Mezghena.
>
> _______________________________________________
> Yale CAS mailing list
> cas@tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
> --
> Andrew Feller, Analyst
> LSU University Information Services
> 200 Frey Computing Services Center
> Baton Rouge, LA 70803
> Office: 225.578.3737
> Fax: 225.578.6400