Hello, I received the following error when trying to authenticate to our AD servers. I’m not sure what bit to flip to get the %[email protected] to work for the dnFormat property, or if there is a new way to format the DN string for AD. Below is the error:
2019-03-05 16:23:22,455 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [[org.ldaptive.auth.AuthenticationResponse@1313847476::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, [email protected], ldapEntry=[[email protected][]], accountState=null, result=false, resultCode=INVALID_DN_SYNTAX, message=LDAPException(resultCode=34 (invalid DN syntax), errorMessage='Unable to parse string '[email protected]' as a DN because it does not have an equal sign after RDN attribute '[email protected]'.', ldapSDKVersion=4.0.9, revision=29290), controls=null]]>

Below are the relevant AD configuration properties:

cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].dnFormat=%[email protected]
cas.authn.ldap[0].derefAliases=ALWAYS
#cas.authn.ldap[0].dnFormat=sAMAccountName=%s,OU=Unix Group,OU=UCATS,OU=Academic Affairs,OU=Wichita State University,DC=ad,DC=wichita,DC=edu
cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].principalAttributePassword=userPassword
#cas.authn.ldap[0].poolPassivator=NONE|CLOSE|BIND
cas.authn.ldap[0].poolPassivator=NONE
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].connectTimeout=PT5S
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=PT5M
cas.authn.ldap[0].validateTimeout=PT5S
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=PT10M
cas.authn.ldap[0].prunePeriod=PT2H
cas.authn.ldap[0].blockWaitTime=PT3S
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].responseTimeout=PT5S
cas.authn.ldap[0].allowMultipleDns=true
cas.authn.ldap[0].allowMultipleEntries=false
cas.authn.ldap[0].followReferrals=true
cas.authn.ldap[0].name=WSUAD
#cas.authn.ldap[0].trustCertificates=
#cas.authn.ldap[0].keystore=
#cas.authn.ldap[0].keystorePassword=
#cas.authn.ldap[0].keystoreType=JKS|JCEKS|PKCS12
#cas.authn.ldap[0].binaryAttributes=objectGUID,someOtherAttribute
cas.authn.ldap[0].principalAttributeList=cn:commonName,sAMAccountName:UDC_IDENTIFIER
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true

Any help would be greatly appreciated.

Thanks,
Erik Mallory
Server Analyst
Wichita State University
316.978.3502

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/243A460A-3E81-415F-ABB1-C51F4C0EC247%40wichita.edu.
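Added example, not from the post above and not CAS or ldaptive code: a small Python check that applies the syntax rule quoted in the error ("no equal sign after RDN attribute") to the two shapes of dnFormat value in the post, and shows the escaping a username needs before it is substituted into a dnFormat template or the searchFilter. A string of the form user@domain is a valid simple-bind name for Active Directory, but it is not a DN, and anything that parses it as a DN (RFC 4514: comma-separated attributeType=value RDNs) will reject it with resultCode 34; that distinction is all the example demonstrates, it does not say which CAS setting the deployment should use. The templates, the username and the ad.example.edu domain are placeholders, because the real values in the post are obfuscated.

```python
import re

# Constructed templates in the shape of the two dnFormat values and the
# searchFilter in the post. The domain and OU path are placeholders.
UPN_TEMPLATE = "%s@ad.example.edu"
DN_TEMPLATE = "sAMAccountName=%s,OU=Unix Group,OU=UCATS,DC=ad,DC=example,DC=edu"
FILTER_TEMPLATE = "sAMAccountName={user}"

# RFC 4514 section 2.4: these characters must be escaped inside an RDN value.
_DN_SPECIAL = set('"+,;<>\\')
# attributeType is a descriptor (letters, digits, hyphen) or a dotted OID.
_ATTR_TYPE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*")


def escape_dn_value(value: str) -> str:
    """Escape a user-supplied value for use inside an RDN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def _split_unescaped(text: str, sep: str) -> list:
    """Split on sep while leaving backslash-escaped characters untouched."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur))
    return parts


def check_dn_syntax(dn: str) -> tuple:
    """Return (ok, reason). Applies the rule quoted in the error: every RDN
    must be attributeType=value; multi-valued RDNs are joined with '+'."""
    if dn == "":
        return True, "empty DN"
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):
            pieces = _split_unescaped(ava, "=")
            if len(pieces) < 2:
                return False, f"no equal sign after RDN attribute '{ava}'"
            attr = pieces[0].strip()
            if not _ATTR_TYPE.fullmatch(attr):
                return False, f"bad attribute type '{attr}' in RDN '{ava}'"
    return True, "ok"


def resolve_bind_identity(template: str, user: str) -> tuple:
    """Expand a dnFormat-style template for one user and classify the result:
    ('dn', value) for a parseable DN, ('upn', value) for user@domain,
    ('invalid', reason) for anything else. The user value is DN-escaped
    before substitution so a crafted username cannot add or alter RDNs."""
    dn_candidate = template.replace("%s", escape_dn_value(user))
    ok, reason = check_dn_syntax(dn_candidate)
    if ok:
        return "dn", dn_candidate
    upn_candidate = template.replace("%s", user)
    if re.fullmatch(r"[^@\s]+@[^@\s]+", upn_candidate):
        return "upn", upn_candidate
    return "invalid", reason


def expand_search_filter(template: str, user: str) -> str:
    """Substitute {user} into a searchFilter with RFC 4515 escaping applied."""
    return template.replace("{user}", escape_filter_value(user))


if __name__ == "__main__":
    for tmpl in (DN_TEMPLATE, UPN_TEMPLATE):
        print(tmpl, "->", resolve_bind_identity(tmpl, "emallory"))
    print(check_dn_syntax("emallory@ad.example.edu"))
    print(expand_search_filter(FILTER_TEMPLATE, "em*)(|(cn=*"))
```

Running it classifies the commented-out sAMAccountName=%s,OU=... template as a DN and the %s@domain template as a UPN, and check_dn_syntax on the expanded UPN returns the same complaint the UnboundID SDK logged. The last line shows why the escaping matters for the searchFilter as well: a username containing `*)(|(cn=*` is substituted as literal text instead of widening the filter.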
