CAS连接微软活动目录的配置方法

 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns=" http://www.springframework.org/schema/beans "
       xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance "
       xmlns:p=" http://www.springframework.org/schema/p "
       xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd ">
   <bean id="authenticationManager"
  class="org.jasig.cas.authentication.AuthenticationManagerImpl">
     <property name="credentialsToPrincipalResolvers">
   <list>
         <bean
     class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
         <bean
     class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
   </list>
  </property>

     <property name="authenticationHandlers">
   <list>
         <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
     p:httpClient-ref="httpClient" />
         <!--<bean
     class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />-->

     <bean  class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
                               <property name="filter" value="uid=%u" /> 
          <!--seem must have ou node-->
                               <!--<property name="searchBase" value="ou=nsc,dc=nhncdev,dc=com" />  -->
          <property name="searchBase" value="ou=nsc,dc=nhncdev,dc=com" /> 
                               <property name="contextSource" ref="contextSource" />
</bean>

   </list>
  </property>
 </bean>

   <bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
  <property name="userMap">
   <value>
   
      </value>
  </property>
 </bean> 
 
   <bean id="attributeRepository"
  class="org.jasig.services.persondir.support.StubPersonAttributeDao">
  <property name="backingMap">
   <map>
    <entry key="uid" value="uid" />
    <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
    <entry key="groupMembership" value="groupMembership" />
   </map>
  </property>
 </bean> 
 
   <bean
  id="serviceRegistryDao"
  class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />

 <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        
   <property name="anonymousReadOnly" value="false" /> 
        
   <property name="userName" value="cn=zhenyu wang,ou=nsc,dc=nhncdev,dc=com" />
         <property name="password" value="Hello123" /> 
         
     
         <property name="pooled" value="true" />
         <property name="urls">
                 <list> 
                                    <value>ldap://10.34.114.54:389/</value>
                 </list>
         </property>

         <property name="baseEnvironmentProperties">
                 <map>
                        <entry>
                                 <key><value>java.naming.security.authentication</value></key>
                                 <value>simple</value>
                        </entry>
                 </map>
         </property>
</bean>

</beans>

说明:在微软活动目录中建立一个用户节点,帐号为wangzhenyu,cn为zhenyu wang,并设置登陆口令,这时候在cas中用wangzhenyu的帐号登陆失败,解决办法是:安装apache directory studio,建立一个到微软活动目录的连接,连接时使用微软活动目录所在的windows2003服务器的超级用户帐号,连接成功后,在LDAP树中找从ou=nsc下找i到CN=zhengyu wang这个节点,给这个节点手工添加一个uid属性，设置uid的值为wangzhenyu,添加成功后，在cas登陆页面中再使用wangzhenyu帐号及ad中设置的口令就可以成功登录了．

--openjweb作者 ldap ad 

CAS连接微软活动目录的配置方法