I want to configure CAS server 4.0 with ApacheDS LDAP. I followed the bellow steps:
1- Based on this Link I modify the deployerConfigContext.xml file. The following beans added to this file:
<bean id="ldapAuthenticationHandler"
class="org.jasig.cas.authentication.LdapAuthenticationHandler"
p:principalIdAttribute="uid"
c:authenticator-ref="authenticator">
<property name="principalAttributeMap">
<map>
<!--
| This map provides a simple attribute resolution mechanism.
| Keys are LDAP attribute names, values are CAS attribute names.
| Use this facility instead of a PrincipalResolver if LDAP is
| the only attribute source.
-->
<entry key="member" value="member" />
<entry key="mail" value="mail" />
<entry key="displayName" value="displayName" />
</map>
</property>
</bean>
<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
c:resolver-ref="dnResolver"
c:handler-ref="authHandler" />
<!--
| The following DN format works for many directories, but may need to be
| customized.
-->
<bean id="dnResolver"
class="org.ldaptive.auth.FormatDnResolver"
c:format="uid=%s,${ldap.baseDn}" />
<bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
p:connectionFactory-ref="pooledLdapConnectionFactory" />
<bean id="pooledLdapConnectionFactory"
class="org.ldaptive.pool.PooledConnectionFactory"
p:connectionPool-ref="connectionPool" />
<bean id="connectionPool"
class="org.ldaptive.pool.BlockingConnectionPool"
init-method="initialize"
p:poolConfig-ref="ldapPoolConfig"
p:blockWaitTime="${ldap.pool.blockWaitTime}"
p:validator-ref="searchValidator"
p:pruneStrategy-ref="pruneStrategy"
p:connectionFactory-ref="connectionFactory" />
<bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
p:minPoolSize="${ldap.pool.minSize}"
p:maxPoolSize="${ldap.pool.maxSize}"
p:validateOnCheckOut="${ldap.pool.validateOnCheckout}"
p:validatePeriodically="${ldap.pool.validatePeriodically}"
p:validatePeriod="${ldap.pool.validatePeriod}" />
<bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
p:connectionConfig-ref="connectionConfig" />
<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
p:ldapUrl="${ldap.url}"
p:connectTimeout="${ldap.connectTimeout}"
p:useStartTLS="${ldap.useStartTLS}"
p:sslConfig-ref="sslConfig" />
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
<property name="credentialConfig">
<bean class="org.ldaptive.ssl.X509CredentialConfig"
p:trustCertificates="${ldap.trustedCert}" />
</property>
</bean>
<bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
p:prunePeriod="${ldap.pool.prunePeriod}"
p:idleTime="${ldap.pool.idleTime}" />
<bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />
Also the bellow properties added to the cas.properties:
#========================================
# General properties
#========================================
ldap.url=ldaps://localhost:10636
# LDAP connection timeout in milliseconds
ldap.connectTimeout=30000
# Whether to use StartTLS (probably needed if not SSL connection)
ldap.useStartTLS=true
#========================================
# LDAP connection pool configuration
#========================================
ldap.pool.minSize=3
ldap.pool.maxSize=10
ldap.pool.validateOnCheckout=false
ldap.pool.validatePeriodically=true
# Amount of time in milliseconds to block on pool exhausted condition
# before giving up.
ldap.pool.blockWaitTime=3000
# Frequency of connection validation in seconds
# Only applies if validatePeriodically=true
ldap.pool.validatePeriod=3000
# Attempt to prune connections every N seconds
ldap.pool.prunePeriod=3000
# Maximum amount of time an idle connection is allowed to be in
# pool before it is liable to be removed/destroyed
ldap.pool.idleTime=6000
#========================================
# Authentication
#========================================
ldap.baseDn=dc=example,dc=com
# Base DN of users to be authenticated
ldap.authn.baseDn=dc=example,dc=com
# Manager DN for authenticated searches
ldap.authn.managerDN=uid=admin,ou=system
# Manager password for authenticated searches
ldap.authn.managerPassword=secret
# Search filter used for configurations that require searching for DNs
#ldap.authn.searchFilter=(&(uid={user})(accountState=active))
ldap.authn.searchFilter=(uid={0})
# Search filter used for configurations that require searching for DNs
#ldap.authn.format=uid=%s,ou=Users,dc=example,dc=org
ldap.authn.format=uid=%s,ou=system
ldap.trustedCert=file:/D:/ApacheDS.cer
Also I used InstallCert to add the port of localhosr:8443 (tomcat) and localhost:10636 (ApacheDS) to the cacers file. And with Portecle export the ApacheDS.cer from ApacheDs certification from cacers.
My server.xml file of tomcat modified as bellow:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="50" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:/Program Files/Java/jdk1.7.0_60/jre/lib/security/cacerts"
keystorePass="changeit"
/>
Also the following Jars add to the apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\WEB-INF\lib : cas-server-support-ldap-4.0.0.jar spring-ldap-core-2.0.2.RELEASE.jar spring-ldap-1.2.1.jar ldaptive-1.0.5.jar
Finally! After lots of struggling tries I get the bellow error:
Caused by: java.lang.IllegalStateException: Could not initialize pool size
at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:258)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1638)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1579)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1509)
... 70 more
Caused by: [org.ldaptive.provider.ConnectionException@3778440::resultCode=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, providerException=javax.naming.ServiceUnavailableException: localhost:10636; socket closed]
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.createInternal(JndiStartTLSConnectionFactory.java:95)
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.createInternal(JndiStartTLSConnectionFactory.java:37)
at org.ldaptive.provider.AbstractProviderConnectionFactory.create(AbstractProviderConnectionFactory.java:99)
at org.ldaptive.DefaultConnectionFactory$DefaultConnection.open(DefaultConnectionFactory.java:295)
at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:482)
at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:523)
at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:363)
at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:252)
... 77 more
Caused by: javax.naming.ServiceUnavailableException: localhost:10636; socket closed
at com.sun.jndi.ldap.Connection.readReply(Connection.java:454)
at com.sun.jndi.ldap.LdapClient.extendedOp(LdapClient.java:1202)
at com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3206)
at javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:183)
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.startTLS(JndiStartTLSConnectionFactory.java:134)
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.createInternal(JndiStartTLSConnectionFactory.java:92)
... 84 more
Could you possibly help me to solve this issue! I really don't know the main reason of my problem?
Finally I can find the solution! Listed bellow are the steps that help you to connect to AacheDS through CAS server 4.
Go to conf folder of your Tomcat and edit the server.xml file. You should uncomment the HTTPS part of this file.
As you can see , the certification of HTTPS Tomcat should be added to the cacerts file. You can check the following link to do this: A Simple Step-By-Step Guide To Apache Tomcat SSL Configuration
Go to the apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\WEB-INF and replace deployerConfigContext.xml content with the following: Go to my Blog to copy the content of file
Add the following jar files into apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\WEB-INF\lib
Run ApacheDS
Connect to your ApacheDS with Apache Directory Studio and create a user in dc=example,dc=com
Start Tomcat
Go to the http://localhost:8080/cas-server-webapp-4.0.0/login
Type username and password that you made in the Apache Directory Studio. You can login to CAS with ldap user now!