A couple of things come to light:
[Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target]
This would indicate either that the cert is not imported correctly, or that
Tomcat's server.xml is pointing to a different keystore.
ldapUrl=ldaps://active-directory.lan:636
The above is from your ad-error.txt, which indicates a different server name
than in your config: active-directory.lan:636 vs adlocal.lan:636
I set up 6.0.0 a few months ago with the following:
Tomcat server.xml connector:
<!-- keystoreFile/keystorePass: the server certificate and private key Tomcat presents on 8443 -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" address="DEV_SERVER_IP"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/etc/ssl/private/.keystore"
           keystorePass="MY_KEYSTORE_PASS"
/>
I used a different keystore and location than the default one under JAVA_HOME,
because of issues similar to yours.
Then in /etc/cas/config, I have the following files: cas.properties,
application-standalone.properties, and ldap.properties.
I am using type AD.
Here is the minimal LDAP config I used to get it to work for me:
# LDAP/Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldaps://...
# search base for user lookups
cas.authn.ldap[0].baseDn=dc=...,dc=...,dc=...
# service account CAS binds with for the user search
cas.authn.ldap[0].bindDn=cn=...,ou=...,ou=...,dc=...,dc=...,dc=...
cas.authn.ldap[0].bindCredential=...
# {user} is replaced with the login name entered on the CAS form
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
# with type=AD the user is authenticated by binding as user@domain
cas.authn.ldap[0].dnFormat=%s@...
cas.authn.ldap[0].principalAttributePassword=password
I also have the following in my config; I cannot remember why it is there, but
it works for my setup on the development machine:
cas.tgc.crypto.encryption.key=SOME_KEY_STRING
cas.tgc.crypto.signing.key=SOME_BIG_KEY_STRING
cas.tgc.httpOnly=false
cas.webflow.crypto.signing.key=ANOTHER_KEY_STRING
cas.webflow.crypto.encryption.key=ANOTHER_STRING
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3d64b7d9-750c-448e-9054-b5d468417c67%40apereo.org.
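The two checks the post walks through, scripted as an added example that is not part of the original message, of CAS, or of Tomcat: compare the host:port in the ad-error.txt ldapUrl with the one in ldap.properties, pull the certificate chain the AD server actually presents, and put the issuing CA into the truststore that the CAS JVM validates outbound LDAPS connections against. It assumes openssl and keytool on PATH, that CAS runs on the JVM at $JAVA_HOME with the stock cacerts password "changeit", and that the alias "ad-ca" is unused; the file names under /tmp, the function names and the hostnames (taken from the thread) are illustrative.

```shell
#!/bin/sh
# Added example, not CAS or Tomcat project code: work through the two checks the
# post makes for a "PKIX path building failed" error on a CAS ldaps:// URL.
# Assumptions (adjust to your host): openssl and keytool are on PATH, the JVM
# that runs CAS uses $JAVA_HOME/lib/security/cacerts with the stock password
# "changeit", and the alias "ad-ca" is free. Hostnames are the ones in the thread.

# Host part of an ldap(s):// URL, e.g. ldaps://adlocal.lan:636 -> adlocal.lan
ldaps_host() {
    hp=${1#ldaps://}; hp=${hp#ldap://}; hp=${hp%%/*}
    printf '%s\n' "${hp%%:*}"
}

# Port part of an ldap(s):// URL; 636 when the URL carries none.
ldaps_port() {
    hp=${1#ldaps://}; hp=${hp#ldap://}; hp=${hp%%/*}
    case $hp in
        *:*) printf '%s\n' "${hp##*:}" ;;
        *)   printf '%s\n' 636 ;;
    esac
}

# Succeeds when two URLs name the same host:port. The post's first check:
# ldapUrl in ad-error.txt vs. cas.authn.ldap[0].ldapUrl in ldap.properties.
same_ldap_target() {
    [ "$(ldaps_host "$1")" = "$(ldaps_host "$2")" ] &&
    [ "$(ldaps_port "$1")" = "$(ldaps_port "$2")" ]
}

# Save the certificate chain the AD server presents, as PEM, to OUTFILE and
# print each subject/issuer pair so you can see which CA has to be trusted.
fetch_chain() {  # fetch_chain URL OUTFILE
    host=$(ldaps_host "$1"); port=$(ldaps_port "$1")
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
        </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' >"$2"
    [ -s "$2" ] || { echo "no certificate received from $host:$port" >&2; return 1; }
    openssl crl2pkcs7 -nocrl -certfile "$2" | openssl pkcs7 -print_certs -noout
}

# Copy the last certificate of a PEM chain to OUTFILE. When the server sends
# its full chain that is the issuing CA; if only one block comes back the
# server sent just its leaf and the CA must be exported from the domain CA.
last_cert() {  # last_cert CHAIN_PEM OUTFILE
    awk '/-----BEGIN CERTIFICATE-----/ { buf = "" }
         { buf = buf $0 "\n" }
         /-----END CERTIFICATE-----/ { last = buf }
         END { printf "%s", last }' "$1" >"$2"
}

# Import the CA into the JVM truststore and confirm the entry is there. The
# PKIX error is raised while CAS (the TLS client) validates the AD server's
# chain against this store; the keystoreFile in Tomcat's server.xml holds the
# certificate Tomcat presents to browsers and is not consulted for that.
import_ca() {  # import_ca CA_PEM [TRUSTSTORE] [STOREPASS]
    store=${2:-${JAVA_HOME:?set JAVA_HOME}/lib/security/cacerts}
    pass=${3:-changeit}
    keytool -importcert -trustcacerts -noprompt -alias ad-ca \
        -file "$1" -keystore "$store" -storepass "$pass"
    keytool -list -keystore "$store" -storepass "$pass" -alias ad-ca
}

# Usage: sh ldaps-check.sh CONFIG_URL ERROR_URL
#   e.g. sh ldaps-check.sh ldaps://adlocal.lan:636 ldaps://active-directory.lan:636
if [ $# -eq 2 ]; then
    same_ldap_target "$1" "$2" ||
        echo "config points at $1 but the error was raised for $2" >&2
    fetch_chain "$2" /tmp/ad-chain.pem && last_cert /tmp/ad-chain.pem /tmp/ad-ca.pem &&
        echo "candidate CA saved to /tmp/ad-ca.pem; inspect it, then source this file and run: import_ca /tmp/ad-ca.pem"
fi
```

Run it against the URL from the config and the one from the error first; a host mismatch means CAS is reading a different ldap.properties than the one being edited, and no amount of certificate work will change the error. Only import the issuing CA, never the server's leaf certificate, and if CAS is started with -Djavax.net.ssl.trustStore pointing somewhere else, pass that path and password to import_ca instead of the cacerts default.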