Hi, according to company regulations I have to go with LDAPS, so I can't just do LDAP.
On Tuesday, 27 August 2019 14:52:29 UTC+2, casuser wrote:
>
> You don't need ssl for ldap authentication
> Try the following :
>
> cas.authn.ldap[0].ldapUrl=ldap://yourldapurl
> cas.authn.ldap[0].useSsl=false
>
> And comment out the keystore configurations.
>
> On Tue, 27 Aug 2019, 5:48 pm tnbreitkreutz, <[email protected]> wrote:
>
>> cas.server.name=https://${serviceName}.${domain}
>> cas.server.prefix=${cas.server.name}/cas
>> logging.config: file:/etc/cas/config/log4j2.xml
>> # logging.level.org.apereo=DEBUG
>> cas.authn.accept.users=
>> # cas.authn.accept.name=
>> # cas.authn.accept.credentialCriteria=
>>
>> cas.view.defaultRedirectUrl=https://dashboard.${domain}
>>
>> ### CAS httpClient
>> cas.httpClient.connectionTimeout=5000
>> cas.httpClient.asyncTimeout=5000
>> cas.httpClient.readTimeout=5000
>> cas.httpClient.hostNameVerifier=NONE
>> cas.httpClient.allowLocalLogoutUrls=false
>> cas.httpClient.truststore.psw=changeit
>> cas.httpClient.truststore.file=file:/etc/security/.truststore
>>
>> ### LDAP
>> cas.authn.ldap[0].name=${ldapDomain}01
>> cas.authn.ldap[0].type=AD
>> cas.authn.ldap[0].ldapUrl=${ldapUrl}
>> cas.authn.ldap[0].baseDn=${ldapBaseDn}
>> cas.authn.ldap[0].minPoolSize=3
>> cas.authn.ldap[0].maxPoolSize=10
>> cas.authn.ldap[0].validateOnCheckout=false
>> cas.authn.ldap[0].validatePeriodically=true
>> cas.authn.ldap[0].validatePeriod=PT5M
>> cas.authn.ldap[0].failFast=true
>> cas.authn.ldap[0].idleTime=PT10M
>> cas.authn.ldap[0].prunePeriod=PT2M
>> cas.authn.ldap[0].blockWaitTime=PT3S
>> cas.authn.ldap[0].useStartTls=false
>> cas.authn.ldap[0].useSsl=true
>> cas.authn.ldap[0].searchFilter=(sAMAccountName={user})
>> cas.authn.ldap[0].poolPassivator=NONE
>> cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>> cas.authn.ldap[0].connectTimeout=PT5S
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].dnFormat=CN=%s,OU=Users,${ldapBaseDn}
>> # cas.authn.ldap[0].trustCertificates=
>> cas.authn.ldap[0].keystore=file:/etc/security/.keystore
>> cas.authn.ldap[0].keystorePassword=changeit
>> cas.authn.ldap[0].keystoreType=PKCS12
>>
>> ### JPA Ticket Registry
>> cas.ticket.registry.jpa.user=${databaseUser}
>> cas.ticket.registry.jpa.password=${databasePassword}
>> cas.ticket.registry.jpa.driverClass=com.mysql.cj.jdbc.Driver
>> cas.ticket.registry.jpa.url=jdbc:mysql://127.0.0.1:3306/${databaseName}
>> cas.ticket.registry.jpa.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
>> cas.ticket.registry.jpa.pool.suspension=false
>> cas.ticket.registry.jpa.pool.minSize=6
>> cas.ticket.registry.jpa.pool.maxSize=18
>> cas.ticket.registry.jpa.pool.maxWait=2000
>> cas.ticket.registry.jpa.pool.timeoutMillis=1000
>> cas.ticket.registry.jpa.healthQuery=select 1
>> cas.ticket.registry.jpa.ticketLockType=NONE
>> cas.ticket.registry.jpa.jpaLockingTimeout=3600
>> cas.ticket.registry.jpa.crypto.signing.key=mysupersecretsigningkey
>> cas.ticket.registry.jpa.crypto.signing.keySize=512
>> cas.ticket.registry.jpa.crypto.encryption.key=mysupersecretencryptionkey
>> cas.ticket.registry.jpa.crypto.encryption.keySize=512
>> cas.ticket.registry.jpa.crypto.alg=AES
>> cas.ticket.registry.jpa.crypto.enabled=false
>>
>> ### JPA Service Registry
>> cas.serviceRegistry.jpa.user=${databaseUser}
>> cas.serviceRegistry.jpa.password=${databasePassword}
>> cas.serviceRegistry.jpa.driverClass=com.mysql.cj.jdbc.Driver
>> cas.serviceRegistry.jpa.url=jdbc:mysql://127.0.0.1:3306/${databaseName}
>> cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
>> cas.serviceRegistry.jpa.pool.suspension=false
>> cas.serviceRegistry.jpa.pool.minSize=6
>> cas.serviceRegistry.jpa.pool.maxSize=18
>> cas.serviceRegistry.jpa.pool.maxWait=2000
>> cas.serviceRegistry.jpa.pool.timeoutMillis=1000
>> cas.serviceRegistry.jpa.healthQuery=select 1
>>
>> For ${ldapUrl} an *ldaps://* address value is stored. Regular LDAP is working fine, but I have to connect via LDAPS.
>>
>> On Tuesday, 27 August 2019 11:38:35 UTC+2, casuser wrote:
>>>
>>> Can you please share your CAS properties? For ldap authentication you don't need to connect to ssl.
>>>
>>> On Tue, 27 Aug 2019, 5:00 pm tnbreitkreutz, <[email protected]> wrote:
>>>
>>>> Hello,
>>>>
>>>> still having some issues with my instance of CAS 6.0.4. After some time it was possible to connect CAS to LDAP with the UnboundIdProvider and the login works, but.
>>>>
>>>> I'm seeing an exception in Stackdriver, if I enable *-Djavax.net.debug=ssl*. I enabled debugging as the container crashes at some point...
>>>>
>>>> javax.net.ssl|WARNING|32|Connection reader for connection 2 to active-directory.lan:636|2019-08-27 08:46:25.267 UTC|SSLSocketImpl.java:1289|handling exception (
>>>> "throwable" : {
>>>> java.net.SocketTimeoutException: Read timed out
>>>> at java.base/java.net.SocketInputStream.socketRead0(Native Method)
>>>> at java.base/java.net.SocketInputStream.socketRead(SocketInputStream.java:115)
>>>> at java.base/java.net.SocketInputStream.read(SocketInputStream.java:168)
>>>> at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
>>>> at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:448)
>>>> at java.base/sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:68)
>>>> at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1104)
>>>> at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:823)
>>>> at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252)
>>>> at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:271)
>>>> at com.unboundid.asn1.ASN1StreamReader.read(ASN1StreamReader.java:1159)
>>>> at com.unboundid.asn1.ASN1StreamReader.readType(ASN1StreamReader.java:332)
>>>> at com.unboundid.asn1.ASN1StreamReader.beginSequence(ASN1StreamReader.java:1079)
>>>> at com.unboundid.ldap.protocol.LDAPMessage.readLDAPResponseFrom(LDAPMessage.java:1151)
>>>> at com.unboundid.ldap.sdk.LDAPConnectionReader.run(LDAPConnectionReader.java:225)
>>>> }
>>>> )
>>>>
>>>> ConnectionTimeouts were increased. I tried to create a new truststore/keystore and imported the necessary CA certificate, but that didn't change a thing.
>>>>
>>>> What can I do here to get rid of this SocketTimeoutException?
>>>>
>>>> Best regards
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>>> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6b59ae54-4155-4301-9676-14da47c56624%40apereo.org.
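The thread turns on two separable questions: whether the quoted `cas.authn.ldap[0].*` TLS settings are internally consistent (and whether the suggested fallback to plain `ldap://` would weaken the deployment), and whether the `Read timed out` seen at `active-directory.lan:636` is a trust failure or a network problem. The following is an added example, not code from the thread or from the CAS project: a small offline lint over the property names quoted above, plus a TLS probe that reports separately on TCP connect, handshake and trust. The sample properties, host names and finding codes are constructed for illustration; the claims it encodes are generic TLS and StartTLS facts, not CAS internals.

```python
"""Lint the cas.authn.ldap[i].* TLS settings from a CAS properties file and
probe an LDAPS endpoint. Added example; property names are those quoted in
the thread, the sample data below is constructed."""
import re
import socket
import ssl
import sys
from urllib.parse import urlsplit

# Constructed sample modelled on the quoted config (placeholder host, not a real one).
SAMPLE_PROPERTIES = """\
cas.httpClient.hostNameVerifier=NONE
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldaps://active-directory.lan:636
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].useSsl=true
# cas.authn.ldap[0].trustCertificates=
cas.authn.ldap[0].keystore=file:/etc/security/.keystore
cas.authn.ldap[0].keystorePassword=changeit
cas.authn.ldap[0].keystoreType=PKCS12
"""


def parse_properties(text):
    """Minimal Java .properties reader: 'key=value' or 'key: value'; '#'/'!' lines are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def lint_ldap_tls(props):
    """Return (code, message) findings for each cas.authn.ldap[i] block and the HTTP client verifier."""
    findings = []
    indices = set()
    for key in props:
        m = re.match(r"cas\.authn\.ldap\[(\d+)\]\.", key)
        if m:
            indices.add(int(m.group(1)))
    for i in sorted(indices):
        p = f"cas.authn.ldap[{i}]."
        scheme = urlsplit(props.get(p + "ldapUrl", "")).scheme.lower()
        use_ssl = props.get(p + "useSsl", "false").lower() == "true"
        start_tls = props.get(p + "useStartTls", "false").lower() == "true"
        if scheme == "ldap" and not (use_ssl or start_tls):
            findings.append(("plaintext", f"ldap[{i}]: ldap:// with neither useSsl nor useStartTls; "
                             "bind passwords cross the network in clear"))
        if scheme == "ldaps" and start_tls:
            findings.append(("starttls-with-ldaps", f"ldap[{i}]: useStartTls=true on an ldaps:// URL; "
                             "StartTLS upgrades a plaintext session and does not apply to ldaps"))
        if scheme == "ldaps" and not use_ssl:
            findings.append(("ssl-mismatch", f"ldap[{i}]: ldaps:// URL but useSsl=false; the settings disagree"))
        if props.get(p + "keystorePassword") == "changeit":
            findings.append(("default-keystore-password", f"ldap[{i}]: keystorePassword is the JDK default 'changeit'"))
        if (scheme == "ldaps" or use_ssl or start_tls) and not props.get(p + "trustCertificates"):
            findings.append(("no-trust-certificates", f"ldap[{i}]: trustCertificates is empty; the CA that issued "
                             "the LDAP server certificate must be trusted by the JVM or the handshake fails"))
    if props.get("cas.httpClient.hostNameVerifier", "").upper() == "NONE":
        findings.append(("hostname-verifier-none", "cas.httpClient.hostNameVerifier=NONE: the CAS HTTP client accepts "
                         "a certificate issued to any name as long as it chains to a trusted CA"))
    return findings


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Classify an LDAPS endpoint: TCP connect, TLS handshake and chain trust are reported separately.
    A 'Read timed out' *after* a clean handshake, as in the thread, points away from certificate trust."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: the CA that signed the server cert
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "connect-timeout", "TCP connect timed out (firewall, routing or wrong port)"
    except OSError as exc:
        return "connect-error", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # performs the handshake
            return "ok", f"{tls.version()} handshake ok; subject={tls.getpeercert().get('subject')}"
    except ssl.SSLCertVerificationError as exc:
        return "tls-untrusted", f"chain or hostname not accepted: {exc}"
    except ssl.SSLError as exc:
        return "tls-failed", f"handshake failed (is {port} really serving LDAPS?): {exc}"
    except socket.timeout:
        return "handshake-timeout", "no TLS ServerHello within the timeout"
    finally:
        raw.close()


if __name__ == "__main__":
    for code, msg in lint_ldap_tls(parse_properties(SAMPLE_PROPERTIES)):
        print(f"[{code}] {msg}")
    if len(sys.argv) > 1:  # e.g. python lint_ldaps.py ldap.example.internal /etc/cas/ca.pem
        print(probe_ldaps(sys.argv[1], cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

Run against the quoted config the lint flags the default keystore password, the empty `trustCertificates` and the disabled hostname verifier on the HTTP client; run against the suggested `ldap://` fallback it flags a plaintext bind. The probe is only useful on a live host: a `connect-timeout` or `handshake-timeout` means the TLS stack never got to trust evaluation, while `tls-untrusted` is the case that a corrected truststore fixes.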
