Your bindDn is wrong, in at least what you've pasted above " cas.authn.ldap[0].bindDn=cn=cn=Directory Manager,o=org" . You look to have an extra cn= in there.
Paul. On 11 April 2017 at 18:25, bobbintb <[email protected]> wrote: > Same thing. I already had the dependency in pom.xml, and most of those > LDAP settings. I added all the extra ones you mentioned but it didn't > change anything. I don't get it. I'm obviously missing something but near > as I can tell, I have all the prerequisites mention in the documentation. > > > On Tuesday, April 11, 2017 at 1:39:12 AM UTC-6, Nour Krichene wrote: >> >> Hello, >> >> It seems that some files are needed to support LDAP >> >> >> In pom.xml add this script >> >> >> <dependency> >> <groupId>org.apereo.cas</groupId> >> <artifactId>cas-server-support-ldap</artifactId> >> <version>${cas.version}</version> >> </dependency> >> >> after project's build add this code to etc/cas/config/cas.properties >> >> cas.authn.accept.users= >> cas.authn.ldap[0].type=AUTHENTICATED >> >> cas.authn.ldap[0].ldapUrl=ldap://localhost:389 >> cas.authn.ldap[0].useSsl=false >> cas.authn.ldap[0].useStartTls=false >> cas.authn.ldap[0].connectTimeout=5000 >> cas.authn.ldap[0].baseDc=dc=example,dc=com >> cas.authn.ldap[0].baseDn=ou=users,dc=example,dc=com >> cas.authn.ldap[0].userFilter=uid={user} >> cas.authn.ldap[0].subtreeSearch=true >> cas.authn.ldap[0].usePasswordPolicy=false >> cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com >> cas.authn.ldap[0].bindCredential=********** >> >> cas.authn.ldap[0].enhanceWithEntryResolver=false >> cas.authn.ldap[0].dnFormat=uid=%s,ou=users,dc=example,dc=com >> cas.authn.ldap[0].principalAttributeId=uid >> cas.authn.ldap[0].principalAttributePassword= >> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName >> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true >> >> cas.authn.ldap[0].minPoolSize=3 >> cas.authn.ldap[0].maxPoolSize=10 >> cas.authn.ldap[0].validateOnCheckout=true >> cas.authn.ldap[0].validatePeriodically=true >> cas.authn.ldap[0].validatePeriod=600 >> >> cas.authn.ldap[0].failFast=true >> cas.authn.ldap[0].idleTime=5000 >> cas.authn.ldap[0].prunePeriod=5000 >> cas.authn.ldap[0].blockWaitTime=5000 >> cas.authn.ldap[0].allowMultipleDns=false >> >> cas.authn.ldap[0].passwordEncoder.type=NONE >> cas.authn.ldap[0].principalTransformation.suffix= >> cas.authn.ldap[0].principalTransformation.caseConversion=NONE >> cas.authn.ldap[0].principalTransformation.prefix= >> >> >> >> >> On Monday, April 10, 2017 at 11:00:54 PM UTC+2, bobbintb wrote: >>> >>> I'm new to CAS and I have been trying to figure out how to get it to >>> authenticate against LDAP. I'm on RHEL 7 with Tomcat 7 and CAS 5.0,4. I >>> used the Maven overlay. My pom.xml has: >>> >>> <groupId>org.apereo.cas</groupId> >>> <artifactId>cas-server-support-ldap</artifactId> >>> <version>5.0.4</version> >>> </dependency> >>> <dependency> >>> <groupId>org.apereo.cas</groupId> >>> <artifactId>cas-server-support-ldap-core</artifactId> >>> <version>5.0.4</version> >>> </dependency> >>> >>> No errors building. I didn't have the second one initially. I added it >>> later and it made no difference >>> >>> >>> Here is my ldap section from cas.properties: >>> >>> >>> >>> #LDAP connection info >>> cas.authn.accept.users= >>> cas.authn.ldap[0].type=AUTHENTICATED >>> cas.authn.ldap[0].ldapUrl=ldaps://ldap.my.org:636 >>> cas.authn.ldap[0].useSsl=true >>> cas.authn.ldap[0].useStartTls=false >>> cas.authn.ldap[0].connectTimeout=5000 >>> cas.authn.ldap[0].baseDn=ou=cp,o=org >>> cas.authn.ldap[0].principalAttributeId=uid >>> cas.authn.ldap[0].userFilter=cn=uid >>> cas.authn.ldap[0].subtreeSearch=true >>> cas.authn.ldap[0].usePasswordPolicy=true >>> cas.authn.ldap[0].bindDn=cn=cn=Directory Manager,o=org >>> >>> I just keep getting the same errors: >>> >>> WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>> <Authentication has failed. Credentials may be incorrect or CAS cannot find >>> authentication handler that supports [testusername] of type >>> [UsernamePasswordCredential], which suggests a configuration problem.> >>> >>> ERROR [org.apereo.cas.web.flow.AuthenticationExceptionHandler] - >>> <Unable to translate handler errors of the authentication exception >>> org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 >>> successes. Returning UNKNOWN by default...> >>> >>> Nothing I have found has helped. I tried changing the type to DIRECT. We >>> don't use AD so I didn't try that. Not sure if it will help. Any ideas? I'm >>> stumped. >>> >>> -- >>> - CAS gitter chatroom: https://gitter.im/apereo/cas >>> - CAS mailing list guidelines: https://apereo.github.io/cas/M >>> ailing-Lists.html >>> - CAS documentation website: https://apereo.github.io/cas >>> - CAS project website: https://github.com/apereo/cas >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit https://groups.google.com/a/ap >>> ereo.org/d/msgid/cas-user/bcdf6bd8-ba0e-4587-bdd7-1b56d2bf49 >>> af%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/bcdf6bd8-ba0e-4587-bdd7-1b56d2bf49af%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: https://apereo.github.io/cas/ > Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/0e21de28-36cb-426b-9d05- > 1852e47db8c7%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0e21de28-36cb-426b-9d05-1852e47db8c7%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGvhSLRzLYYA%3DUR%3DsiDmXG2Nb79KEOCHYjs9C3DvQSp6Rj_oaA%40mail.gmail.com.
