CAS + openLDAP

realNameeee 2009-09-16 11:18:16

CAS 配置的连接LDAP服务器的配置如下（我用的OpenLdap）

deployerConfigContext.xml



<?xml version="1.0" encoding="UTF-8"?>



<beans xmlns="http://www.springframework.org/schema/beans"

	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

	xmlns:p="http://www.springframework.org/schema/p"

	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">





	<bean id="authenticationManager"

		class="org.jasig.cas.authentication.AuthenticationManagerImpl">



		<property name="credentialsToPrincipalResolvers">

			<list>



				<bean

					class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />



				<bean

					class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />

				

			</list>

		</property>





		<property name="authenticationHandlers">

			<list>

				<!--

					| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating

					| a server side SSL certificate.

					+-->

				<bean

					class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />

				

				<bean

					class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">

					<property name="filter" value="uid=%u" />

					<property name="searchBase" value="dc=openv,dc=com" /> <!--与我openLdap本地配置一样-->

					<property

						name="contextSource"

						ref="contextSource" />

				</bean>

				

			</list>

		</property>

	</bean>

									

	<bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">

		<property name="anonymousReadOnly" value="false" /><!--此处的 false 不知道啥子意思-->

		<property name="password" value="yale" /><!--密码跟我的也一样-->

		<property name="pooled" value="true" />

		<property name="urls">

			<list>

				<value>ldap://localhost:389/</value>

			</list>

		</property>

		<property name="userName" value="cn=Manager,dc=openv,dc=com" /><!--此处的value 与我的配置一样-->

		<property name="baseEnvironmentProperties">

				<map>  

                <entry>  

                        <key><value>java.naming.security.protocol</value></key>  

                        <value>none</value>  

                    </entry>  

                <entry>  

                        <key><value>java.naming.security.authentication</value></key>  

                        <value>simple</value>  

                    </entry>  

                </map>  

		</property>

	</bean>	







	<bean id="userDetailsService"

		class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">

		<property name="userMap">

			<value></value>

		</property>

	</bean>



	

	<bean id="attributeRepository"

		class="org.jasig.services.persondir.support.StubPersonAttributeDao">

		<property name="backingMap">

			<map>

				<entry key="uid" value="uid" />

				<entry key="eduPersonAffiliation"

					value="eduPersonAffiliation" />

				<entry key="groupMembership" value="groupMembership" />

			</map>

		</property>

	</bean>



		<bean id="serviceRegistryDao"

		class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />

</beans>

openLdap

配置



 #定义最顶层的目录入口

dn: dc=openv,dc=com

objectClass: dcObject

objectClass: organization

o: Open-V

dc: openv



#定义Manager用户

dn: cn=Manager,dc=openv,dc=com  

objectclass: organizationalRole

cn: Manager

description: OpenLDAP Manager



#定义含有用户的目录入口

dn: ou=users,dc=openv,dc=com

objectClass: organizationalUnit

ou: users







#定义yale用户

dn: uid=yale,ou=users,dc=openv,dc=com

objectClass: inetOrgPerson

sn: yale

cn: yale

uid: yale

userPassword: yale



#定义含有角色的目录入口

dn: ou=groups,dc=openv,dc=com

objectClass: organizationalUnit

ou: groups



#定义ROLE_USER角色

dn: cn=ROLE_USER,ou=groups,dc=openv,dc=com

objectClass: groupOfNames

cn: ROLE_USER

member: uid=yale,ou=users,dc=openv,dc=com



#定义ROLE_SUPERVISOR角色

dn: cn=ROLE_SUPERVISOR,ou=groups,dc=openv,dc=com

objectClass: groupOfNames

cn: ROLE_SUPERVISOR

member: uid=qiujinyong,ou=users,dc=openv,dc=com

访问https://localhost:8443/cas 输入用户名密码 yale 的时候 tomcat 后台是INFO 信息

org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials : yale

求大牛解答

...全文

2408 12 打赏收藏转发到动态举报

写回复

用AI写文章

12 条回复

切换为时间正序

请发表友善的回复…

发表回复

diggywang 2009-09-18

打赏
举报

[Quote=引用 6 楼 yanke1014 的回复:]
日志级别是改
conf\logging.properties
的INFO么？

[/Quote]

我也不太清楚改哪个，反正和log有关的配置文件应该一目了然的吧（不是tomcat的，应该是yale cas的），看看里面有没有level=INFO之类的，有就改成DEBUG。

realNameeee 2009-09-18

打赏
举报

[Quote=引用 7 楼 systemking 的回复:]
顶 ....回家吃饭
[/Quote]

给我多顶几次

realNameeee 2009-09-18

打赏
举报

再次谢谢你朋友

realNameeee 2009-09-18

打赏
举报

谢谢你兄弟，我解决了，我犯了一个致命的错误，写好了 .ldif 文件一直未导入到 openLdap 数据库里！

以上配置一切正常的

realNameeee 2009-09-18

打赏
举报

日志修改DEBUG后

出现新的提示

INFO [org.jasig.cas.web.flow.InitialFlowSetupAction]-Attempting to create TicketGrantingTicket for yaleINFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials : yale>

realNameeee 2009-09-17

打赏
举报

补充：
上边的JNDI

测试输出

认证成功



entry: ,dc=openv,dc=com

telephoneNumber: 110

l: CQHG

dc: openv

description: yale

objectClass: dcObject

objectClass: organization

o: Open-V

终于看到回复了，谢谢了先

代码里头没有exception，

这里我用的YELE CAS 的这个东东cas-server-webapp-3.1.1.war 改了个名字，解压后改了WEB-INF/deployerConfigContext.xml 配置(改成LDAP连接方式)，就放tomcat 下，跑起了起来

若若的问一声日志级别是改
conf\logging.properties
的INFO么？

diggywang 2009-09-17

打赏
举报

俺不是大牛，所以也一直在等。直到现在也没人提解决方法，所以决定仔细看看，凑凑热闹。

按后台报的提示，应该是登陆ldap的用户提供的“yale”证书在ldap中无法通过认证。

你现在提供的信息太少，代码中所有exception应打印出完整trace，tomcat logger级别调至debug。

SystemKing 2009-09-17

打赏
举报

顶 ....回家吃饭

realNameeee 2009-09-16

打赏
举报

这些人，真是的分儿都不要！

realNameeee 2009-09-16

打赏
举报

自己顶，顶到天荒地老，顶到海枯石烂，顶到牛哥给我来指点！

realNameeee 2009-09-16

打赏
举报

补充：



import java.util.Hashtable;

import javax.naming.directory.*;

import java.util.*;

import javax.naming.*;



public class Java4Ldap {



	DirContext dc = null;



	String account = "Manager"; // 操作LDAP的帐户。默认就是Manager。



	String password = "yale"; // 帐户Manager的密码。



	String root = "dc=openv,dc=com"; // LDAP的根节点的DC 



	public CopyOfJava4Ldap() {

		init();

		searchInformation("dc=openv,dc=com", "", "(objectclass=*)");// 遍历所有根节点

		close();

	}



	public void init() {

		Hashtable env = new Hashtable();

		env.put(Context.INITIAL_CONTEXT_FACTORY,

				"com.sun.jndi.ldap.LdapCtxFactory");

		env.put(Context.PROVIDER_URL, "ldap://localhost:389/");

		env.put(Context.SECURITY_AUTHENTICATION, "simple");

		env.put(Context.SECURITY_PRINCIPAL, "cn=" + account + "," + root);

		env.put(Context.SECURITY_CREDENTIALS, password);

		try {

			dc = new InitialDirContext(env);// 初始化上下文

			System.out.println("认证成功");// 这里可以改成异常抛出。

		} catch (javax.naming.AuthenticationException e) {

			System.out.println("认证失败");

		} catch (Exception e) {

			System.out.println("认证出错：" + e);

		}

	}



	public void close() {

		if (dc != null) {

			try {

				dc.close();

			} catch (NamingException e) {

				System.out.println("NamingException in close():" + e);

			}

		}

	}



	public void searchInformation(String base, String scope, String filter) {

		SearchControls sc = new SearchControls();

		if (scope.equals("base")) {

			sc.setSearchScope(SearchControls.OBJECT_SCOPE);

		} else if (scope.equals("one")) {

			sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);

		} else {

			sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

		}



		NamingEnumeration ne = null;

		try {

			ne = dc.search(base, filter, sc);

			// Use the NamingEnumeration object to cycle through

			// the result set.

			while (ne.hasMore()) {

				System.out.println();

				SearchResult sr = (SearchResult) ne.next();

				String name = sr.getName();

				if (base != null && !base.equals("")) {

					System.out.println("entry: " + name + "," + base);

				} else {

					System.out.println("entry: " + name);

				}



				Attributes at = sr.getAttributes();

				NamingEnumeration ane = at.getAll();



				while (ane.hasMore()) {

					Attribute attr = (Attribute) ane.next();

					String attrType = attr.getID();

					NamingEnumeration values = attr.getAll();

					Vector vals = new Vector();

					// Another NamingEnumeration object, this time

					// to iterate through attribute values.

					while (values.hasMore()) {

						Object oneVal = values.nextElement();

						if (oneVal instanceof String) {

							System.out.println(attrType + ": "

									+ (String) oneVal);

						} else {

							System.out.println(attrType + ": "

									+ new String((byte[]) oneVal));

						}

					}

				}

			}

		} catch (Exception nex) {

			System.err.println("Error: " + nex.getMessage());

			nex.printStackTrace();

		}

	}



	public static void main(String[] args) {

		// Java4Ldap ins =

		new Java4Ldap();

	}

}