Hi Lutfi,
In your deployerConfigContext try to replace:
<entry key-ref="ldapAuthenticationHandler" value="#{null}" />
by:
<entry key-ref="ldapAuthenticationHandler"
value-ref="usernamePasswordCredentialsResolver" />
and add the bean:
<bean id="usernamePasswordCredentialsResolver"
class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
plus:
<bean id="ldapAuthenticationHandler"
...
p:principalIdAttribute="cn"
...
<entry key="cn" value="cn" />
...
</bean>
try with uid attribute instead of cn.
an other option in cas.properties, try ldap.useStartTLS=false
Regards,
Alex
Le 29/10/2015 14:57, Lutfi Oduncuoglu a écrit :
> Hello,
>
> I change those values before I added files to my mail. Actually while
> doing mvn package it connects to ldap and confirms the credential and
> other stuff. I can send those log if you want.
>
> Regards
>
> On Thu, Oct 29, 2015 at 4:47 PM, Christopher Myers
> <cmy...@mail.millikin.edu <mailto:cmy...@mail.millikin.edu>> wrote:
>
> It looks like you might have just copied the config from the
> examples without modifying it to fit your environment; for
> example, the cas.properties file says that your LDAP server is
>
> ldap.url=ldap://localhost:389
>
> and the deployerConfigContext file says that your base DN is
> p:baseDn="ou=users,dc=example,dc=com"
>
> with bind credentials of
> ldap.authn.baseDn=ou=Users,dc=example,dc=com
> ldap.authn.managerDN=cn=admin,dc=example,dc=com
> ldap.authn.managerPassword=qwerty123
>
> so you might want to review the settings and make sure that
> they've been tweaked for your environment.
>
> Chris
>
>
>
>
> >>> Lutfi Oduncuoglu <lutfioduncuo...@gmail.com
> <mailto:lutfioduncuo...@gmail.com>> 10/29/15 8:34 AM >>>
>
> Hello,
>
> I have just started to use CAS and I want to authenticate users
> over my local ldap server. I did the exact configuration at
> http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html.
> I added that parts to deployerconfig.xml and cas.properties.
> Tomcat running in ssl mode, so I connect CAS via https.
>
> However when I try to login CAS does not connect ldap. As you can
> see from catalina.out
>
> 2015-10-29 15:31:20,466 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> <AcceptUsersAuthenticationHandler failed authenticating
> deneme+password>
> 2015-10-29 15:31:20,466 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> - <Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: supplied credentials: [test+password]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Thu Oct 29 15:31:20 EET 2015
> CLIENT IP ADDRESS: 10.6.16.15
> SERVER IP ADDRESS: 10.6.16.16
> =============================================================
>
> >
> 2015-10-29 15:31:20,467 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> - <Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: 1 errors, 0 successes
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Thu Oct 29 15:31:20 EET 2015
> CLIENT IP ADDRESS: 10.6.16.15
> SERVER IP ADDRESS: 10.6.16.16
> =============================================================
>
> >
> 2015-10-29 15:31:21,039 INFO
> [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading
> registered services.>
> 2015-10-29 15:31:21,039 INFO
> [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 1
> services.>
>
>
> My xml files are below.
>
> Thank you very much for help
>
>
> pom.xml
>
>
> <!--
> ~ Licensed to Jasig under one or more contributor license
> ~ agreements. See the NOTICE file distributed with this work
> ~ for additional information regarding copyright ownership.
> ~ Jasig licenses this file to you under the Apache License,
> ~ Version 2.0 (the "License"); you may not use this file
> ~ except in compliance with the License. You may obtain a
> ~ copy of the License at the following location:
> ~
> ~ http://www.apache.org/licenses/LICENSE-2.0
> ~
> ~ Unless required by applicable law or agreed to in writing,
> ~ software distributed under the License is distributed on an
> ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> ~ KIND, either express or implied. See the License for the
> ~ specific language governing permissions and limitations
> ~ under the License.
> -->
>
> <project xmlns="http://maven.apache.org/POM/4.0.0";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> http://maven.apache.org/maven-v4_0_0.xsd";>
> <parent>
> <groupId>org.jasig.cas</groupId>
> <artifactId>cas-server</artifactId>
> <version>4.0.0</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>cas-server-webapp</artifactId>
> <packaging>war</packaging>
> <name>Jasig CAS Web Application</name>
> <dependencies>
> <dependency>
> <groupId>org.jasig.cas</groupId>
> <artifactId>cas-server-webapp-support</artifactId>
> <version>${project.version}</version>
> <scope>compile</scope>
> </dependency>
> <dependency>
> <groupId>org.springframework</groupId>
> <artifactId>spring-expression</artifactId>
> <version>${spring.version}</version>
> <scope>runtime</scope>
> </dependency>
> <dependency>
> <groupId>javax.servlet</groupId>
> <artifactId>jstl</artifactId>
> <version>1.1.2</version>
> <type>jar</type>
> <scope>runtime</scope>
> </dependency>
> <dependency>
> <groupId>taglibs</groupId>
> <artifactId>standard</artifactId>
> <version>1.1.2</version>
> <type>jar</type>
> <scope>runtime</scope>
> </dependency>
> <dependency>
> <groupId>org.jasig.cas</groupId>
> <artifactId>cas-server-support-ldap</artifactId>
> <version>4.0.0</version>
> </dependency>
> </dependencies>
>
> <build>
> <plugins>
> <plugin>
> <groupId>org.apache.maven.plugins</groupId>
> <artifactId>maven-war-plugin</artifactId>
> <configuration>
> <warName>cas</warName>
> <webResources>
> <resource>
> <directory>${basedir}/src/main/webapp/WEB-INF</directory>
> <filtering>true</filtering>
> <targetPath>WEB-INF</targetPath>
> <includes>
> <include>**/web.xml</include>
> </includes>
> </resource>
> </webResources>
> </configuration>
> </plugin>
> </plugins>
> </build>
>
> <properties>
> <cs.dir>${project.parent.basedir}</cs.dir>
> </properties>
> </project>
>
> deployerConfigContext.xml
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>
> Licensed to Jasig under one or more contributor license
> agreements. See the NOTICE file distributed with this work
> for additional information regarding copyright ownership.
> Jasig licenses this file to you under the Apache License,
> Version 2.0 (the "License"); you may not use this file
> except in compliance with the License. You may obtain a
> copy of the License at the following location:
>
> http://www.apache.org/licenses/LICENSE-2.0
>
> Unless required by applicable law or agreed to in writing,
> software distributed under the License is distributed on an
> "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> KIND, either express or implied. See the License for the
> specific language governing permissions and limitations
> under the License.
>
> -->
> <!--
> | deployerConfigContext.xml centralizes into one file some of the
> declarative configuration that
> | all CAS deployers will need to modify.
> |
> | This file declares some of the Spring-managed JavaBeans that
> make up a CAS deployment.
> | The beans declared in this file are instantiated at context
> initialization time by the Spring
> | ContextLoaderListener declared in web.xml. It finds this file
> because this
> | file is among those declared in the context parameter
> "contextConfigLocation".
> |
> | By far the most common change you will need to make in this file
> is to change the last bean
> | declaration to replace the default authentication handler with
> | one implementing your approach for authenticating usernames and
> passwords.
> +-->
>
> <beans xmlns="http://www.springframework.org/schema/beans";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xmlns:p="http://www.springframework.org/schema/p";
> xmlns:c="http://www.springframework.org/schema/c";
> xmlns:tx="http://www.springframework.org/schema/tx";
> xmlns:util="http://www.springframework.org/schema/util";
> xmlns:sec="http://www.springframework.org/schema/security";
>
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
> http://www.springframework.org/schema/tx
> http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
> http://www.springframework.org/schema/security
> http://www.springframework.org/schema/security/spring-security-3.2.xsd
> http://www.springframework.org/schema/util
> http://www.springframework.org/schema/util/spring-util.xsd";>
>
> <!--
> | The authentication manager defines security policy for
> authentication by specifying at a minimum
> | the authentication handlers that will be used to
> authenticate credential. While the AuthenticationManager
> | interface supports plugging in another implementation,
> the default PolicyBasedAuthenticationManager should
> | be sufficient in most cases.
> +-->
> <bean id="authenticationManager"
> class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
> <constructor-arg>
> <map>
> <!--
> | IMPORTANT
> | Every handler requires a unique name.
> | If more than one instance of the same handler
> class is configured, you must explicitly
> | set its name to something other than its
> default name (typically the simple class name).
> -->
> <entry key-ref="proxyAuthenticationHandler"
> value-ref="proxyPrincipalResolver" />
> <entry key-ref="primaryAuthenticationHandler"
> value-ref="primaryPrincipalResolver" />
> <entry key-ref="ldapAuthenticationHandler"
> value="#{null}" />
> </map>
> </constructor-arg>
>
> <!-- Uncomment the metadata populator to allow clearpass
> to capture and cache the password
> This switch effectively will turn on clearpass.
> <property name="authenticationMetaDataPopulators">
> <util:list>
> <bean
>
> class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"
> c:credentialCache-ref="encryptedMap" />
> </util:list>
> </property>
> -->
>
> <!--
> | Defines the security policy around authentication.
> Some alternative policies that ship with CAS:
> |
> | * NotPreventedAuthenticationPolicy - all credential
> must either pass or fail authentication
> | * AllAuthenticationPolicy - all presented credential
> must be authenticated successfully
> | * RequiredHandlerAuthenticationPolicy - specifies a
> handler that must authenticate its credential to pass
> -->
> <property name="authenticationPolicy">
> <bean
> class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
> </property>
> </bean>
>
> <!-- Required for proxy ticket mechanism. -->
> <bean id="proxyAuthenticationHandler"
>
> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> p:httpClient-ref="httpClient" />
>
> <!--
> | TODO: Replace this component with one suitable for your
> enviroment.
> |
> | This component provides authentication for the kind of
> credential used in your environment. In most cases
> | credential is a username/password pair that lives in a
> system of record like an LDAP directory.
> | The most common authentication handler beans:
> |
> | * org.jasig.cas.authentication.LdapAuthenticationHandler
> | *
> org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler
> | *
>
> org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
> | *
>
> org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler
> -->
> <bean id="ldapAuthenticationHandler"
> class="org.jasig.cas.authentication.LdapAuthenticationHandler"
> p:principalIdAttribute="cn"
> c:authenticator-ref="authenticator">
> <property name="principalAttributeMap">
> <map>
> <!--
> | This map provides a simple attribute resolution
> mechanism.
> | Keys are LDAP attribute names, values are CAS
> attribute names.
> | Use this facility instead of a PrincipalResolver
> if LDAP is
> | the only attribute source.
> -->
> <entry key="cn" value="cn" />
> </map>
> </property>
> </bean>
>
> <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
> c:resolver-ref="dnResolver"
> c:handler-ref="authHandler" />
>
> <bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
> p:baseDn="ou=users,dc=example,dc=com"
> p:subtreeSearch="true"
> p:allowMultipleDns="false"
> p:connectionFactory-ref="searchPooledLdapConnectionFactory"
> p:userFilter="uid={user}" />
>
> <bean id="searchPooledLdapConnectionFactory"
> class="org.ldaptive.pool.PooledConnectionFactory"
> p:connectionPool-ref="searchConnectionPool" />
>
> <bean id="searchConnectionPool" parent="abstractConnectionPool"
> p:connectionFactory-ref="searchConnectionFactory" />
>
> <bean id="searchConnectionFactory"
> class="org.ldaptive.DefaultConnectionFactory"
> p:connectionConfig-ref="searchConnectionConfig" />
>
> <bean id="searchConnectionConfig" parent="abstractConnectionConfig"
> p:connectionInitializer-ref="bindConnectionInitializer" />
>
> <bean id="bindConnectionInitializer"
> class="org.ldaptive.BindConnectionInitializer"
> p:bindDn="cn=admin,dc=example,dc=com">
> <property name="bindCredential">
> <bean class="org.ldaptive.Credential"
> c:password="password" />
> </property>
> </bean>
>
> <bean id="abstractConnectionPool" abstract="true"
> class="org.ldaptive.pool.BlockingConnectionPool"
> init-method="initialize"
> p:poolConfig-ref="ldapPoolConfig"
> p:blockWaitTime="3000"
> p:validator-ref="searchValidator"
> p:pruneStrategy-ref="pruneStrategy" />
>
> <bean id="abstractConnectionConfig" abstract="true"
> class="org.ldaptive.ConnectionConfig"
> p:ldapUrl="ldap://localhost:389";
> p:connectTimeout="3000"
> p:useStartTLS="false"/>
> <!--p:sslConfig-ref="sslConfig" /-->
>
> <bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
> p:minPoolSize="3"
> p:maxPoolSize="10"
> p:validateOnCheckOut="false"
> p:validatePeriodically="true"
> p:validatePeriod="300" />
>
> <!--bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
> <property name="credentialConfig">
> <bean class="org.ldaptive.ssl.X509CredentialConfig"
> p:trustCertificates="${ldap.trustedCert}" />
> </property>
> </bean-->
>
> <bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
> p:prunePeriod="300"
> p:idleTime="600" />
>
> <bean id="searchValidator"
> class="org.ldaptive.pool.SearchValidator" />
>
> <bean id="authHandler"
> class="org.ldaptive.auth.PooledBindAuthenticationHandler"
> p:connectionFactory-ref="bindPooledLdapConnectionFactory" />
>
> <bean id="bindPooledLdapConnectionFactory"
> class="org.ldaptive.pool.PooledConnectionFactory"
> p:connectionPool-ref="bindConnectionPool" />
>
> <bean id="bindConnectionPool" parent="abstractConnectionPool"
> p:connectionFactory-ref="bindConnectionFactory" />
>
> <bean id="bindConnectionFactory"
> class="org.ldaptive.DefaultConnectionFactory"
> p:connectionConfig-ref="bindConnectionConfig" />
>
> <bean id="bindConnectionConfig" parent="abstractConnectionConfig" />
>
> <bean id="primaryAuthenticationHandler"
> class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
> <property name="users">
> <map>
> <entry key="casuser" value="Mellon"/>
> </map>
> </property>
> </bean>
>
> <!-- Required for proxy ticket mechanism -->
> <bean id="proxyPrincipalResolver"
> class="org.jasig.cas.authentication.principal.BasicPrincipalResolver"
> />
>
> <!--
> | Resolves a principal from a credential using an attribute
> repository that is configured to resolve
> | against a deployer-specific store (e.g. LDAP).
> -->
> <bean id="primaryPrincipalResolver"
>
> class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
> >
> <property name="attributeRepository"
> ref="attributeRepository" />
> </bean>
>
> <!--
> Bean that defines the attributes that a service may return.
> This example uses the Stub/Mock version. A real implementation
> may go against a database or LDAP server. The id should
> remain "attributeRepository" though.
> +-->
> <bean id="attributeRepository"
> class="org.jasig.services.persondir.support.StubPersonAttributeDao"
> p:backingMap-ref="attrRepoBackingMap" />
>
> <util:map id="attrRepoBackingMap">
> <entry key="uid" value="uid" />
> <entry key="eduPersonAffiliation"
> value="eduPersonAffiliation" />
> <entry key="groupMembership" value="groupMembership" />
> </util:map>
>
> <!--
> Sample, in-memory data store for the ServiceRegistry. A real
> implementation
> would probably want to replace this with the JPA-backed
> ServiceRegistry DAO
> The name of this bean should remain "serviceRegistryDao".
> +-->
> <bean id="serviceRegistryDao"
> class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
> p:registeredServices-ref="registeredServicesList" />
>
> <util:list id="registeredServicesList">
> <bean class="org.jasig.cas.services.RegexRegisteredService"
> p:id="0" p:name="HTTP and IMAP"
> p:description="Allows HTTP(S) and IMAP(S) protocols"
> p:serviceId="^(https?|imaps?)://.*"
> p:evaluationOrder="10000001" />
> <!--
> Use the following definition instead of the above to
> further restrict access
> to services within your domain (including sub domains).
> Note that example.com <http://example.com> must be
> replaced with the domain you wish to permit.
> This example also demonstrates the configuration of an
> attribute filter
> that only allows for attributes whose length is 3.
> -->
> <!--
> <bean class="org.jasig.cas.services.RegexRegisteredService">
> <property name="id" value="1" />
> <property name="name" value="HTTP and IMAP on
> example.com <http://example.com>" />
> <property name="description" value="Allows HTTP(S) and
> IMAP(S) protocols on example.com <http://example.com>" />
> <property name="serviceId"
> value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*example\.com/.*" />
> <property name="evaluationOrder" value="0" />
> <property name="attributeFilter">
> <bean
>
> class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter"
> c:regex="^\w{3}$" />
> </property>
> </bean>
> -->
> </util:list>
>
> <bean id="auditTrailManager"
> class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
> />
>
> <bean id="healthCheckMonitor"
> class="org.jasig.cas.monitor.HealthCheckMonitor"
> p:monitors-ref="monitorsList" />
>
> <util:list id="monitorsList">
> <bean class="org.jasig.cas.monitor.MemoryMonitor"
> p:freeMemoryWarnThreshold="10" />
> <!--
> NOTE
> The following ticket registries support SessionMonitor:
> * DefaultTicketRegistry
> * JpaTicketRegistry
> Remove this monitor if you use an unsupported registry.
> -->
> <bean class="org.jasig.cas.monitor.SessionMonitor"
> p:ticketRegistry-ref="ticketRegistry"
> p:serviceTicketCountWarnThreshold="5000"
> p:sessionCountWarnThreshold="100000" />
> </util:list>
> </beans>
>
>
> and cas.properties file
>
> #
> # Licensed to Jasig under one or more contributor license
> # agreements. See the NOTICE file distributed with this work
> # for additional information regarding copyright ownership.
> # Jasig licenses this file to you under the Apache License,
> # Version 2.0 (the "License"); you may not use this file
> # except in compliance with the License. You may obtain a
> # copy of the License at the following location:
> #
> # http://www.apache.org/licenses/LICENSE-2.0
> #
> # Unless required by applicable law or agreed to in writing,
> # software distributed under the License is distributed on an
> # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> # KIND, either express or implied. See the License for the
> # specific language governing permissions and limitations
> # under the License.
> #
>
> server.name <http://server.name>=http://localhost:8080
> server.prefix=${server.name <http://server.name>}/cas
> # IP address or CIDR subnet allowed to access the /status URI of
> CAS that exposes health check information
> cas.securityContext.status.allowedSubnet=127.0.0.1
>
>
> cas.themeResolver.defaultThemeName=cas-theme-default
> cas.viewResolver.basename=default_views
>
> ##
> # Unique CAS node name
> # host.name <http://host.name> is used to generate unique Service
> Ticket IDs and SAMLArtifacts. This is usually set to the specific
> # hostname of the machine running the CAS node, but it could be
> any label so long as it is unique in the cluster.
> host.name <http://host.name>=cas01.example.org
> <http://cas01.example.org>
>
> ##
> # Database flavors for Hibernate
> #
> # One of these is needed if you are storing Services or Tickets in
> an RDBMS via JPA.
> #
> # database.hibernate.dialect=org.hibernate.dialect.OracleDialect
> # database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
> # database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
>
> ##
> # CAS Logout Behavior
> # WEB-INF/cas-servlet.xml
> #
> # Specify whether CAS should redirect to the specified service
> parameter on /logout requests
> # cas.logout.followServiceRedirects=false
>
> ##
> # Single Sign-On Session Timeouts
> # Defaults sourced from
> WEB-INF/spring-configuration/ticketExpirationPolices.xml
> #
> # Maximum session timeout - TGT will expire in
> maxTimeToLiveInSeconds regardless of usage
> # tgt.maxTimeToLiveInSeconds=28800
> #
> # Idle session timeout - TGT will expire sooner than
> maxTimeToLiveInSeconds if no further requests
> # for STs occur within timeToKillInSeconds
> # tgt.timeToKillInSeconds=7200
>
> ##
> # Service Ticket Timeout
> # Default sourced from
> WEB-INF/spring-configuration/ticketExpirationPolices.xml
> #
> # Service Ticket timeout - typically kept short as a control
> against replay attacks, default is 10s. You'll want to
> # increase this timeout if you are manually testing service ticket
> creation/validation via tamperdata or similar tools
> # st.timeToKillInSeconds=10
>
> ##
> # Single Logout Out Callbacks
> # Default sourced from
> WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml
> #
> # To turn off all back channel SLO requests set slo.disabled to true
> # slo.callbacks.disabled=false
>
> ##
> # Service Registry Periodic Reloading Scheduler
> # Default sourced from
> WEB-INF/spring-configuration/applicationContext.xml
> #
> # Force a startup delay of 2 minutes.
> # service.registry.quartz.reloader.startDelay=120000
> #
> # Reload services every 2 minutes
> # service.registry.quartz.reloader.repeatInterval=120000
>
> ##
> # Log4j
> # Default sourced from
> WEB-INF/spring-configuration/log4jConfiguration.xml:
> #
> # It is often time helpful to externalize log4j.xml to a system
> path to preserve settings between upgrades.
> # e.g. log4j.config.location=/etc/cas/log4j.xml
> # log4j.config.location=classpath:log4j.xml
> #
> # log4j refresh interval in millis
> # log4j.refresh.interval=60000
>
> ##
> # Password Policy
> #
> # Warn all users of expiration date regardless of warningDays value.
> password.policy.warnAll=false
>
> # Threshold number of days to begin displaying password expiration
> warnings.
> password.policy.warningDays=30
>
> # URL to which the user will be redirected to change the passsword.
> password.policy.url=https://password.example.edu/change
>
> #========================================
> # General properties
> #========================================
> ldap.url=ldap://localhost:389
>
> # LDAP connection timeout in milliseconds
> ldap.connectTimeout=3000
>
> # Whether to use StartTLS (probably needed if not SSL connection)
> ldap.useStartTLS=true
>
> #========================================
> # LDAP connection pool configuration
> #========================================
> ldap.pool.minSize=3
> ldap.pool.maxSize=10
> ldap.pool.validateOnCheckout=false
> ldap.pool.validatePeriodically=true
>
> # Amount of time in milliseconds to block on pool exhausted condition
> # before giving up.
> ldap.pool.blockWaitTime=3000
>
> # Frequency of connection validation in seconds
> # Only applies if validatePeriodically=true
> ldap.pool.validatePeriod=300
>
> # Attempt to prune connections every N seconds
> ldap.pool.prunePeriod=300
>
> # Maximum amount of time an idle connection is allowed to be in
> # pool before it is liable to be removed/destroyed
> ldap.pool.idleTime=600
>
> #========================================
> # Authentication
> #========================================
>
> # Base DN of users to be authenticated
> ldap.authn.baseDn=ou=Users,dc=example,dc=com
>
> # Manager DN for authenticated searches
> #ldap.authn.managerDN=uid=manager,ou=Users,dc=example,dc=org
> ldap.authn.managerDN=cn=admin,dc=example,dc=com
>
> # Manager password for authenticated searches
> ldap.authn.managerPassword=qwerty123
>
> # Search filter used for configurations that require searching for DNs
> #ldap.authn.searchFilter=(&(uid={user})(accountState=active))
> ldap.authn.searchFilter=(uid={user})
>
> # Search filter used for configurations that require searching for DNs
> #ldap.authn.format=uid=%s,ou=Users,dc=example,dc=org
> ldap.authn.format=uid=%s,ou=users,dc=example,dc=com
> #ldap.authn.format=%s...@example.com <mailto:s...@example.com>
>
> --
> You are currently subscribed tocas-u...@lists.jasig.org
> <mailto:cas-user@lists.jasig.org> as:cmy...@mail.millikin.edu
> <mailto:cmy...@mail.millikin.edu>
> To unsubscribe, change settings or access archives,
> seehttp://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> You are currently subscribed tocas-u...@lists.jasig.org
> <mailto:cas-user@lists.jasig.org> as:lutfioduncuo...@gmail.com
> <mailto:lutfioduncuo...@gmail.com>
> To unsubscribe, change settings or access archives,
> seehttp://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> alex.bousk...@univ-lr.fr
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
