Correct me if I'm wrong but looking at the directory, not everyone has a 
DN. Some users are only members of a group it looks like. Is this because 
my account doesn't have high enough privilege to see everyone? But at the 
very least I should be able to see myself, right? Or is it possible for not 
every user to have their own DN?

On Thursday, February 22, 2018 at 3:25:03 PM UTC-6, David Curry wrote:
>
> If you look up a user in your directory, what does the DN for that user 
> look like? That's what the dnFormat should look like, except that you 
> replace the username with a "%s" for CAS to fill in.
>
> So, for example, the DN for our accounts looks like this:
>
> cn=gnarls,ou=TNSUsers,dc=tns,dc=newschool,dc=edu
>
>
> (where "gnarls" is the username) so dnFormat looks like this:
>
> cn=%s,ou=TNSUsers,dc=tns,dc=newschool,dc=edu
>
>
> Also, if you're really going against AD, you probably want to change
>
> cas.authn.ldap[0].userFilter=cn={user}
>
>
> to
>
> cas.authn.ldap[0].userFilter=sAMAccountName={user}
>
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> On Thu, Feb 22, 2018 at 4:01 PM, Kevin Liu <annih...@gmail.com> wrote:
>
>> So it looks like it's because I'm missing a dnFormat value? I'm not 
>> exactly sure how I should format my dnFormat? Could I get some help?
>>
>> On Thursday, February 22, 2018 at 2:47:47 PM UTC-6, David Curry wrote:
>>>
>>> I don't see an error there. Did your copy and paste not capture 
>>> everything?
>>>
>>> --Dave
>>>
>>> On Thu, Feb 22, 2018 at 3:43 PM, Kevin Liu <annih...@gmail.com> wrote:
>>>
>>>> I tried following that but this is my error still:
>>>>
>>>> 2018-02-22 14:40:41,986 DEBUG [org.apereo.cas.configuration.support.CasConfigurationJasyptDecryptor] - <Configured jasyptInstance algorithm [PBEWithMD5AndTripleDES]>
>>>> 2018-02-22 14:40:41,995 DEBUG [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <No properties were located inside [class path resource [application.yml]]>
>>>> 2018-02-22 14:40:41,996 DEBUG [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Located CAS standalone configuration directory at [/etc/cas3/config]>
>>>> 2018-02-22 14:40:41,997 DEBUG [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Looking for configuration files at [/etc/cas3/config] that match the pattern [(cas|standalone|application-cas|a
>>>> 2018-02-22 14:40:42,009 INFO [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Configuration files found at [/etc/cas3/config] are [[/etc/cas3/config/application.yml, /etc/cas3/config/cas.pro
>>>> 2018-02-22 14:40:42,019 DEBUG [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Loading configuration file [/etc/cas3/config/application.yml]>
>>>> 2018-02-22 14:40:42,042 DEBUG [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Found settings [[info.description]] in YAML file [/etc/cas3/config/application.yml]>
>>>> 2018-02-22 14:40:42,044 DEBUG [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Loading configuration file [/etc/cas3/config/cas.properties]>
>>>> 2018-02-22 14:40:42,046 DEBUG [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Found settings [[endpoints.sensitive, cas.authn.ldap[0].subtreeSearch, cas.adminPagesSecurity.loginUrl, cas.adm
>>>> 2018-02-22 14:40:42,046 DEBUG [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Located setting(s) [[endpoints.sensitive, cas.authn.ldap[0].subtreeSearch, cas.adminPagesSecurity.loginUrl, cas
>>>> 2018-02-22 14:40:42,102 INFO [org.apereo.cas.web.CasWebApplicationServletInitializer] - <The following profiles are active: standalone>
>>>> 2018-02-22 14:40:45,698 WARN [org.apereo.cas.config.CasCoreTicketsConfiguration] - <Runtime memory is used as the persistence storage for retrieving and managing tickets. Tickets that are issued during runtime will be LOST
>>>> 2018-02-22 14:40:45,701 INFO [org.apereo.cas.configuration.support.Beans] - <Ticket registry encryption/signing is turned off. This MAY NOT be safe in a clustered production environment. Consider using other choices to han
>>>> 2018-02-22 14:40:49,283 DEBUG [org.apereo.cas.config.CasCoreAuthenticationConfiguration] - <Configuring authentication execution plan [CasCoreAuthenticationHandlersConfiguration]>
>>>> 2018-02-22 14:40:49,289 DEBUG [org.apereo.cas.config.CasCoreAuthenticationConfiguration] - <Configuring authentication execution plan [CasCoreAuthenticationHandlersConfiguration]>
>>>> 2018-02-22 14:40:49,318 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Registering handler [HttpBasedServiceCredentialsAuthenticationHandler] principal resolver [org.apereo.cas.authenticat
>>>> 2018-02-22 14:40:49,324 DEBUG [org.apereo.cas.config.CasCoreAuthenticationConfiguration] - <Configuring authentication execution plan [CasCoreAuthenticationMetadataConfiguration]>
>>>> 2018-02-22 14:40:49,333 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Registering metadata populator [org.apereo.cas.authentication.metadata.SuccessfulHandlerMetaDataPopulator@77551b65[or
>>>> 2018-02-22 14:40:49,342 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Registering metadata populator [org.apereo.cas.authentication.metadata.RememberMeAuthenticationMetaDataPopulator@3838
>>>> 2018-02-22 14:40:49,350 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Registering metadata populator [org.apereo.cas.authentication.metadata.AuthenticationCredentialTypeMetaDataPopulator@
>>>> 2018-02-22 14:40:49,350 DEBUG [org.apereo.cas.config.CasCoreAuthenticationConfiguration] - <Configuring authentication execution plan [LdapAuthenticationConfiguration]>
>>>> 2018-02-22 14:40:49,355 DEBUG [org.apereo.cas.authentication.CoreAuthenticationUtils] - <No principal attributes are defined>
>>>> 2018-02-22 14:40:49,355 DEBUG [org.apereo.cas.config.LdapAuthenticationConfiguration] - <Created and mapped principal attributes [{}] for [ldap://alpha.beta.gamma:389]...>
>>>> 2018-02-22 14:40:49,357 DEBUG [org.apereo.cas.config.LdapAuthenticationConfiguration] - <Creating LDAP authenticator for [ldap://alpha.beta.gamma:389] and baseDn [dc=beta,dc=gamma]>
>>>> 2018-02-22 14:40:49,375 DEBUG [org.apereo.cas.util.LdapUtils] - <Creating active directory authenticator for [ldap://alpha.beta.gamma:389]>
>>>> 2018-02-22 14:40:49,377 WARN [org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframewor
>>>> 2018-02-22 14:40:49,378 WARN [com.ryantenney.metrics.spring.config.annotation.MetricsConfigurerAdapter] - <Problem stopping reporter>
>>>> org.springframework.beans.factory.BeanCreationNotAllowedException: Error creating bean with name 'casMetricsConfiguration': Singleton bean creation not allowed while singletons of this factory are in destruction (Do not re
>>>>         at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:216) ~[spring-beans-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>>>
>>>>
>>>> On Thursday, February 22, 2018 at 2:36:17 PM UTC-6, David Curry wrote:
>>>>>
>>>>> You might find the examples here helpful:
>>>>>
>>>>>
>>>>> https://dacurry-tns.github.io/deploying-apereo-cas/building_server_ldap_overview.html
>>>>>
>>>>> There's an Active Directory configuration (two, actually) and an LDAP 
>>>>> configuration. Authentication and attribute retrieval.
>>>>>
>>>>> If those don't help, then please post the relevant line(s) from the 
>>>>> log file showing the error, and, if you have it turned on, debug messages.
>>>>>
>>>>> --Dave
>>>>>
>>>>> On Thu, Feb 22, 2018 at 2:46 PM, Kevin Liu <annih...@gmail.com> wrote:
>>>>>
>>>>>> I've now changed it to this:
>>>>>>
>>>>>>
>>>>>> #AD Configurations
>>>>>> cas.authn.ldap[0].type=AD
>>>>>> cas.authn.ldap[0].ldapUrl=ldap://alpha.beta.gamma:389
>>>>>> #cas.authn.ldap[0].connectionStrategy=
>>>>>> cas.authn.ldap[0].useSsl=false
>>>>>> cas.authn.ldap[0].useStartTls=false
>>>>>> cas.authn.ldap[0].connectTimeout=5000
>>>>>> cas.authn.ldap[0].subtreeSearch=true
>>>>>>
>>>>>> cas.authn.ldap[0].baseDn=dc=beta,dc=gamma
>>>>>> cas.authn.ldap[0].userFilter=cn={user}
>>>>>> cas.authn.ldap[0].bindDn=user@beta.gamma
>>>>>> cas.authn.ldap[0].bindCredential=userPassword
>>>>>>
>>>>>> Still not working with the same error.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thursday, February 22, 2018 at 1:32:54 PM UTC-6, Kevin Liu wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I can't seem to make heads or tails of getting CAS to talk to LDAP.
>>>>>>>
>>>>>>> I know my LDAP is working because using the following command, I can 
>>>>>>> see all LDAP entries:
>>>>>>>
>>>>>>> ldapsearch -x -h alpha.beta.gamma -D user@beta.gamma -W -b "dc=beta,dc=gamma"
>>>>>>>
>>>>>>> My assumption is that since these credentials are being accepted by 
>>>>>>> LDAP, I just have to configure CAS to use them. Is this correct?
>>>>>>>
>>>>>>> So far, my cas.properties contains the following:
>>>>>>>
>>>>>>> cas.authn.ldap[0].order: 0
>>>>>>> cas.authn.ldap[0].name: LDAP
>>>>>>> cas.authn.ldap[0].type: AD
>>>>>>> cas.authn.ldap[0].ldapUrl: ldap://alpha.beta.gamma:389
>>>>>>> cas.authn.ldap[0].baseDn: dc=di2e,dc=civ
>>>>>>>
>>>>>>> This is not working as I get a ton of errors saying that CAS has not 
>>>>>>> connected to LDAP.
>>>>>>>
>>>>>>> -- 
>>>>>> - Website: https://apereo.github.io/cas
>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>> --- 
>>>>>> You received this message because you are subscribed to the Google 
>>>>>> Groups "CAS Community" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>> send an email to cas-user+u...@apereo.org.
>>>>>> To view this discussion on the web visit 
>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1cdff6f8-36ef-4acd-a5b4-ef1b55fa6691%40apereo.org
>>>>>>  
>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1cdff6f8-36ef-4acd-a5b4-ef1b55fa6691%40apereo.org?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>>
>>>
>
>
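
Added illustration, not part of the original thread and not CAS's own code: how a login name is substituted into the two templates quoted above, the dnFormat with its "%s" placeholder and the userFilter with its "{user}" placeholder, with the escaping each LDAP context requires (RFC 4514 for DN values, RFC 4515 for filter values). The function names are hypothetical, and the inputs other than "gnarls" are constructed.

```python
# Added example: substitutes a username into the thread's dnFormat and
# userFilter templates. Hypothetical helper names; this is not CAS code.

DN_FORMAT = "cn=%s,ou=TNSUsers,dc=tns,dc=newschool,dc=edu"   # from the thread
USER_FILTER = "sAMAccountName={user}"                        # from the thread

DN_SPECIALS = '"+,;<>\\'          # must be escaped in a DN value (RFC 4514)
FILTER_ESCAPES = {                # must be escaped in a filter value (RFC 4515)
    "\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00",
}


def escape_dn_value(value: str) -> str:
    """Escape an attribute value so it stays a single RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)     # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of a search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_dn(dn_format: str, username: str) -> str:
    """Fill the single %s placeholder of a dnFormat with an escaped username."""
    if dn_format.count("%s") != 1:
        raise ValueError("dnFormat must contain exactly one %s placeholder")
    return dn_format.replace("%s", escape_dn_value(username))


def render_filter(user_filter: str, username: str) -> str:
    """Fill the {user} placeholder of a userFilter with an escaped username."""
    if "{user}" not in user_filter:
        raise ValueError("userFilter must contain a {user} placeholder")
    return user_filter.replace("{user}", escape_filter_value(username))


if __name__ == "__main__":
    for name in ("gnarls", "liu, kevin", "g*"):   # last two are constructed
        print(render_dn(DN_FORMAT, name), "|", render_filter(USER_FILTER, name))
```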
