Alain,
It looks like CAS is making the connection to AD. Set log output to trace to
see if there are any more hints. Check AD logs (set them to debug at least).
In your config, bindDn is 'Administrator' but in the output message it is
'administrator'.
Does case matter for AD connections?
The odd spacing and jumbled lines ('cas.authn.ldap [0] = false .useSsl' should
be 'cas.authn.ldap[0].useSsl = false') in your posted config may indicate some
hidden characters.
Ray
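
Added example (not part of Ray's message and not CAS project code): a small Python check for the two symptoms mentioned above, invisible characters and jumbled `key = value` lines in a CAS properties file. The sample text, the key pattern and the assumption that every property uses `=` as its separator are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample input (not the poster's file): a well-formed line, a line
# jumbled like the one quoted above, and two lines carrying invisible characters.
SAMPLE = (
    "cas.authn.ldap[0].useSsl = false\n"
    "cas.authn.ldap [0] = false .useSsl\n"
    "cas.authn.ldap[0].type\u00a0= AUTHENTICATED\n"
    "cas.authn.ldap[0].searchFilter = uid={user}\u200b\n"
    "# a comment line\n"
)

# Assumed key shape: dotted names with optional [index], ASCII only.
KEY_RE = re.compile(r"[A-Za-z][\w-]*(\[\d+\])?(\.[A-Za-z][\w-]*(\[\d+\])?)*", re.ASCII)
JAVA_WS = " \t\f"  # the only characters java.util.Properties treats as whitespace


def hidden_chars(line):
    """Return (column, name) for every character outside printable ASCII and tab."""
    return [
        (col, unicodedata.name(ch, f"U+{ord(ch):04X}"))
        for col, ch in enumerate(line, 1)
        if ch != "\t" and not " " <= ch <= "~"
    ]


def lint_properties(text):
    """Return (line_no, problem) pairs for hidden characters and malformed keys."""
    problems = []
    for no, line in enumerate(text.replace("\r\n", "\n").split("\n"), 1):
        for col, name in hidden_chars(line):
            problems.append((no, f"hidden character {name} at column {col}"))
        stripped = line.strip(JAVA_WS)
        if not stripped or stripped[0] in "#!":
            continue
        key, sep, _value = stripped.partition("=")
        key = key.strip(JAVA_WS)
        if not sep:
            problems.append((no, "no '=' separator"))
        elif not KEY_RE.fullmatch(key):
            problems.append((no, f"malformed key {key!r}"))
    return problems


if __name__ == "__main__":
    for no, problem in lint_properties(SAMPLE):
        print(f"line {no}: {problem}")
```

A no-break space is reported twice on purpose: once as a hidden character and once as a malformed key, because the Java properties loader does not trim it and the property name would no longer match.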
On Tue, 2019-05-14 at 10:37 +0200, alain ubfc wrote:
Ray,
So I commented out the AUP lines, but I still cannot connect to CAS.
Can you tell me if the property lines are correct?
# Cas.acceptableUsagePolicy.enabled = true
# = Cas.acceptableUsagePolicy.aupAttributeName aupAccepted
# = Cas.acceptableUsagePolicy.scope AUTHENTICATED
### CNX LDAP
cas.authn.ldap [0] = .providerClass
org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap [0] .type = AUTHENTICATED
cas.authn.ldap [0] = false .useSsl
cas.authn.ldap [0] = .ldapUrl ldap: //192.168.0.54<http://192.168.0.54>: 389
cas.authn.ldap [0] = .baseDn dc = test, dc = univ-CFB, dc = uk
cas.authn.ldap [0] = true .subtreeSearch
cas.authn.ldap [0] = .searchFilter uid = {user}
cas.authn.ldap [0] = .principalAttributeList cn, givenName, email
# Credential to connect to LDAP
cas.authn.ldap [0] = .bindDn cn = Administrator, cn = Users, dc = test, dc =
univ-BFC, dc = com
cas.authn.ldap [0] = .bindCredential Qwerty @ 25
# Rules Uses
# Cas.acceptableUsagePolicy.ldap.ldapUrl = ldap:
//192.168.0.54<http://192.168.0.54>: 389
# Cas.acceptableUsagePolicy.ldap.baseDn = dc = test, dc = univ-BFC, dc = com
# Cas.acceptableUsagePolicy.ldap.searchFilter = uid = {user}
# = Cas.acceptableUsagePolicy.ldap.providerClass
org.ldaptive.provider.unboundid.UnboundIDProvider
# = 5000 cas.acceptableUsagePolicy.ldap.connectTimeout
# Cas.acceptableUsagePolicy.ldap.minPoolSize = 3
# = 10 cas.acceptableUsagePolicy.ldap.maxPoolSize
# Cas.acceptableUsagePolicy.ldap.validateOnCheckout = true
# Cas.acceptableUsagePolicy.ldap.validatePeriodically = true
# Cas.acceptableUsagePolicy.ldap.validatePeriod = 600
# = 500 cas.acceptableUsagePolicy.ldap.idleTime
# Cas.acceptableUsagePolicy.ldap.prunePeriod = 600
# = 5000 cas.acceptableUsagePolicy.ldap.blockWaitTime
# Cas.acceptableUsagePolicy.ldap.useStartTls = false
I can connect with apache studio but not with CAS.
2019-05-14 10:20:43,466 DEBUG
[org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] -
<Resolved single event [authenticationFailure] via
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
for this context>
2019-05-14 10:20:43,466 DEBUG
[org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] -
<Located current event [authenticationFailure]>
2019-05-14 10:20:43,564 DEBUG
[org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] -
<Located error attribute [class
org.apereo.cas.authentication.AuthenticationException] with message [2 errors,
0 successes] from the current event>
2019-05-14 10:20:43,600 DEBUG
[org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Final
event id of the error is [AccountNotFoundException]>
2019-05-14 10:20:43,857 DEBUG
[org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received
exception due to a type mismatch>
2019-05-14 10:33:52,639 ERROR
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authentication has failed. Credentials may be incorrect or invalid
[UsernamePasswordCredential (username = administrator, source = null,
customFields = {})] of type [UsernamePasswordCredential]. Examine the
configuration to ensure a method of authentication is defined and analyze CAS
logs at DEBUG level to trace the authentication event.
Here are all the error messages
On Mon, 13 May 2019 at 16:38, Ray Bon <[email protected]> wrote:
Alain,
The error is associated with AUP. Comment out the associated lines.
Ray
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]