I believe the AD authentication only works with the dnFormat option. The following is all we configured to use AD LDAP authentication:
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldaps://example.org
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].dnFormat=%[email protected]

On Wed, Jan 25, 2017 at 1:12 PM, Thiago Fernandes do Nascimento <[email protected]> wrote:

> Hi,
>
> Can someone help with cas ldap configuration? I want to config ldap
> server and I received this error:
>
> WHO: thiago.nascimento
> WHAT: Supplied credentials: [thiago.nascimento]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Wed Jan 25 17:03:11 BRST 2017
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> 2017-01-25 17:03:11,857 ERROR [org.apereo.cas.web.flow.AuthenticationExceptionHandler] - <Unable to translate handler errors of the authentication exception org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes. Returning UNKNOWN by default...>
>
> my cas.properties
>
> cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].ldapUrl=ldap://myserver:389
> cas.authn.ldap[0].useSsl=false
> #cas.authn.ldap[0].useStartTls=false
> cas.authn.ldap[0].connectTimeout=5000
> cas.authn.ldap[0].baseDn=cn=Users,dc=cobra,dc=com,dc=br
> cas.authn.ldap[0].userFilter=sAMAccountName={user}
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].usePasswordPolicy=false
> cas.authn.ldap[0][email protected]
> cas.authn.ldap[0].bindCredential=oct24JESUS
>
> # cas.authn.ldap[0].enhanceWithEntryResolver=true
> # cas.authn.ldap[0].dnFormat=uid=%s,ou=people,dc=example,dc=org
> cas.authn.ldap[0].principalAttributeId=sAMAccountName
> cas.authn.ldap[0].principalAttributePassword=oct24JESUS
> cas.authn.ldap[0].principalAttributeList=sn,cn,givenName,sAMAccountName
> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
> cas.authn.ldap[0].additionalAttributes=numbleOf
> # cas.authn.ldap[0].credentialCriteria=
>
> # cas.authn.ldap[0].saslMechanism=GSSAPI|DIGEST_MD5|CRAM_MD5|EXTERNAL
> # cas.authn.ldap[0].saslRealm=EXAMPLE.COM
> # cas.authn.ldap[0].saslAuthorizationId=
> # cas.authn.ldap[0].saslMutualAuth=
> # cas.authn.ldap[0].saslQualityOfProtection=
> # cas.authn.ldap[0].saslSecurityStrength=
>
> # cas.authn.ldap[0].trustCertificates=
> # cas.authn.ldap[0].keystore=
> # cas.authn.ldap[0].keystorePassword=
> # cas.authn.ldap[0].keystoreType=JKS|JCEKS|PKCS12
>
> cas.authn.ldap[0].minPoolSize=3
> cas.authn.ldap[0].maxPoolSize=10
> cas.authn.ldap[0].validateOnCheckout=true
> cas.authn.ldap[0].validatePeriodically=true
> cas.authn.ldap[0].validatePeriod=600
>
> #cas.authn.ldap[0].failFast=true
> #cas.authn.ldap[0].idleTime=5000
> #cas.authn.ldap[0].prunePeriod=5000
> #cas.authn.ldap[0].blockWaitTime=5000
>
> #cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
> #cas.authn.ldap[0].allowMultipleDns=false
>
> # cas.authn.ldap[0].passwordEncoder.type=NONE|DEFAULT|STANDARD|BCRYPT
> # cas.authn.ldap[0].passwordEncoder.characterEncoding=
> # cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=
> # cas.authn.ldap[0].passwordEncoder.secret=
> # cas.authn.ldap[0].passwordEncoder.strength=16
>
> # cas.authn.ldap[0].principalTransformation.suffix=
> # cas.authn.ldap[0].principalTransformation.caseConversion=NONE|UPPERCASE|LOWERCASE
> # cas.authn.ldap[0].principalTransformation.prefix=
>
> # cas.authn.ldap[0].passwordPolicy.enabled=true
> # cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
> # cas.authn.ldap[0].passwordPolicy.loginFailures=5
> # cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
> # cas.authn.ldap[0].passwordPolicy.warningAttributeName=
> # cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
> # cas.authn.ldap[0].passwordPolicy.warnAll=true
> # cas.authn.ldap[0].passwordPolicy.warningDays=30
> # cas.authn.ldap[0].passwordPolicy.url=https://password.example.edu/change
>
> thanks!
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9e13c52-4d52-42af-8b1d-4629ac5125b5%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9e13c52-4d52-42af-8b1d-4629ac5125b5%40apereo.org?utm_medium=email&utm_source=footer>.
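
A pre-deployment check for the settings discussed in this thread, as an added example that is not part of either message and is not CAS project code. It flags an AD-type handler with no active dnFormat (following the reply's statement), an `ldap://` URL without StartTLS, and a bind secret stored or repeated in the file. The sample properties, host names and secret are constructed placeholders, and the `parse`/`lint` helpers are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's settings; all values are placeholders.
SAMPLE = """\
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://ldap.example.org:389
cas.authn.ldap[0].useSsl=false
#cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].bindCredential=CONSTRUCTED-SECRET
# cas.authn.ldap[0].dnFormat=uid=%s,ou=people,dc=example,dc=org
cas.authn.ldap[0].principalAttributePassword=CONSTRUCTED-SECRET
cas.authn.ldap[1].type=AD
cas.authn.ldap[1].ldapUrl=ldaps://ldap.example.org
cas.authn.ldap[1].dnFormat=%s@example.org
"""

KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.([\w.]+)\s*=\s*(.*)$")

def parse(text):
    """Group active (non-commented) cas.authn.ldap[N].* settings by index N."""
    blocks = defaultdict(dict)
    for line in text.splitlines():
        m = KEY.match(line.strip())  # commented lines start with '#', so no match
        if m:
            blocks[int(m.group(1))][m.group(2)] = m.group(3).strip()
    return dict(blocks)

def lint(text):
    """Return (index, finding) tuples for each LDAP handler block."""
    findings = []
    for idx, cfg in sorted(parse(text).items()):
        if cfg.get("type", "").upper() == "AD" and not cfg.get("dnFormat"):
            findings.append((idx, "type=AD without an active dnFormat"))
        url = cfg.get("ldapUrl", "").lower()
        if url.startswith("ldap://") and cfg.get("useStartTls", "false").lower() != "true":
            findings.append((idx, "ldap:// without StartTLS: bind password sent in cleartext"))
        secret = cfg.get("bindCredential")
        if secret:
            findings.append((idx, "bindCredential stored as a literal in the file"))
            reused = sorted(k for k, v in cfg.items() if v == secret and k != "bindCredential")
            if reused:
                findings.append((idx, "bindCredential value repeated under: " + ", ".join(reused)))
    return findings

if __name__ == "__main__":
    for idx, msg in lint(SAMPLE):
        print(f"ldap[{idx}]: {msg}")
```
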
