I configured a Jasig CAS server with multiple LDAP servers and database 
authentication. 

My authentication order is ldap1 --> ldap2 --> database. The ldap1 server 
went down unexpectedly. As a result, none of the users are able to log in 
to the application. 

Please advise how to handle this case. The CAS server version is 3.6.0.

This is the configuration in deployerConfigContext.xml:



<!-- LDAP bind handler that authenticates against the "contextSource" bean.
     %u in the filter stands for the username submitted at login.
     NOTE(review): confirm that the deployed CAS release escapes LDAP filter
     metacharacters in that username before substituting it. -->
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
    <property name="filter" value="sAMAccountName=%u" />
    <property name="searchBase" value="*.*" />
    <property name="contextSource" ref="contextSource" />
    <property name="ignorePartialResultException" value="true" />

    <!-- Each definition maps a pattern found in the directory's bind failure
         message (the Active Directory "data NNN" sub-code) to a CAS error type. -->
    <property name="ldapErrorDefinitions">
        <list>
            <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 530" p:type="badHours" />
            <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 533" p:type="accountDisabled" />
            <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 773" p:type="mustChangePassword" />
            <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 775" p:type="accountLocked" />
            <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 531" p:type="badWorkstation" />
            <!-- 701 is AD's account-expired code and 532 its password-expired code;
                 both are reported as passwordExpired here. -->
            <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data (701|532)" p:type="passwordExpired" />
        </list>
    </property>
</bean>

            <!-- LDAP bind handler that authenticates against the "contextSource1" bean.
                 %u in the filter stands for the username submitted at login.
                 NOTE(review): confirm that the deployed CAS release escapes LDAP filter
                 metacharacters in that username before substituting it. -->
            <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                <property name="filter" value="sAMAccountName=%u" />
                <property name="searchBase" value="*.*" />
                <property name="contextSource" ref="contextSource1" />
                <property name="ignorePartialResultException" value="true" />

                <!-- Each definition maps a pattern found in the directory's bind failure
                     message (the Active Directory "data NNN" sub-code) to a CAS error type. -->
                <property name="ldapErrorDefinitions">
                    <list>
                        <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 530" p:type="badHours" />
                        <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 533" p:type="accountDisabled" />
                        <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 773" p:type="mustChangePassword" />
                        <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 775" p:type="accountLocked" />
                        <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data 531" p:type="badWorkstation" />
                        <!-- 701 is AD's account-expired code and 532 its password-expired code;
                             both are reported as passwordExpired here. -->
                        <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition" p:ldapPattern="data (701|532)" p:type="passwordExpired" />
                    </list>
                </property>
            </bean>
            <!-- Authentication handler for the database (project-specific class, not shown here).
                 NOTE(review): the query text is supplied by the dbCredentialSql property; confirm
                 that the handler binds the username as a query parameter and compares password
                 hashes rather than plaintext values. -->
            <bean class="com.ls.authentication.DBAuthenticationHandler"
                  p:dataSource-ref="dataSource"
                  p:sql="${dbCredentialSql}" />
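    <!-- LDAP connection settings used by the bind handler whose contextSource-ref is "contextSource1". -->
    <bean id="contextSource1" class="org.springframework.ldap.core.support.LdapContextSource">
        <!-- DO NOT enable JNDI pooling for context sources that perform LDAP bind operations. -->
        <property name="pooled" value="false" />

        <!-- AD IP address or URL. The stray ";" that followed the value was removed because it made
             the element malformed. With ldap:// and "simple" authentication (set below) bind
             passwords cross the network unencrypted; prefer ldaps:// or StartTLS where the
             directory supports it. -->
        <property name="url" value="ldap://x.x.x.x" />

        <!-- Account that exists in AD and is used for the initial search. -->
        <property name="userDn" value="*.*" />

        <!-- Password of that AD account. Keep the real value out of this file (for example via a
             property placeholder) and restrict read access to wherever it is stored. -->
        <property name="password" value="*.*" />

        <!-- Place JNDI environment properties here. -->
        <property name="baseEnvironmentProperties">
            <map>
                <!-- JNDI timeouts are in milliseconds, so both values below are 30 seconds.
                     While this directory server is unreachable, a login attempt can block for
                     that long before this handler gives up; a few seconds is usually enough and
                     keeps logins responsive during an outage. -->
                <entry key="com.sun.jndi.ldap.connect.timeout" value="30000" />
                <entry key="com.sun.jndi.ldap.read.timeout" value="30000" />

                <!-- Explained at http://docs.oracle.com/javase/jndi/tutorial/ldap/security/auth.html -->
                <entry key="java.naming.security.authentication" value="simple" />
            </map>
        </property>
    </bean>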
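<!-- LDAP connection settings used by the bind handler whose contextSource-ref is "contextSource". -->
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <!-- DO NOT enable JNDI pooling for context sources that perform LDAP bind operations. -->
    <property name="pooled" value="false" />

    <!-- AD IP address or URL. The stray ";" that followed the value was removed because it made
         the element malformed. With ldap:// and "simple" authentication (set below) bind
         passwords cross the network unencrypted; prefer ldaps:// or StartTLS where the
         directory supports it. -->
    <property name="url" value="ldap://x.x.x." />

    <!-- Account that exists in AD and is used for the initial search. -->
    <property name="userDn" value="*******" />

    <!-- Password of that AD account. Keep the real value out of this file (for example via a
         property placeholder) and restrict read access to wherever it is stored. -->
    <property name="password" value="******" />

    <property name="baseEnvironmentProperties">
        <map>
            <!-- JNDI timeouts are in milliseconds, so both values below are 30 seconds.
                 While this directory server is unreachable, a login attempt can block for
                 that long before this handler gives up; a few seconds is usually enough and
                 keeps logins responsive during an outage. -->
            <entry key="com.sun.jndi.ldap.connect.timeout" value="30000" />
            <entry key="com.sun.jndi.ldap.read.timeout" value="30000" />

            <!-- Explained at http://docs.oracle.com/javase/jndi/tutorial/ldap/security/auth.html -->
            <entry key="java.naming.security.authentication" value="simple" />
        </map>
    </property>
</bean>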
