Mahalo nui loa! The UnboundID workaround appears to solve the problem so I don't need to further pursue trying to substitute a newer version of the Ldaptive library. I wasn't able to find any documentation on the UnboundIDProvider though (what does it do specifically, and where would I have found that requisite dependency). Did I miss that somewhere? Now I can focus on upgrading to a current version of CAS.
On Fri, Jan 29, 2021 at 5:20 AM 'Richard Frovarp' via CAS Community < cas-user@apereo.org> wrote: > Sorry, you don't need it in 5.3 as that one is default. So I didn't see > that in my dependencies. You'll need the ldaptive dependency for that. > You'll want to match version to the other ldaptive version you have. 1.2 > appears to bring in the unboundid dependency: > > https://search.maven.org/artifact/org.ldaptive/ldaptive-unboundid/1.2.0/jar > > <dependency> > <groupId>org.ldaptive</groupId> > <artifactId>ldaptive-unboundid</artifactId> > <version>1.2.0</version> > </dependency> > > > > On Fri, 2021-01-29 at 13:21 +0000, King, Robert wrote: > > I’m not certainas to the 5.0 version, but to use the UnboundIDProvider in > 6.x you need to add : > > > > compile "com.unboundid:unboundid-ldapsdk:4.0.9" > > > > to the Gradle build dependencies. I would assume it would be the same for > Maven. > > > > *From:* cas-user@apereo.org <cas-user@apereo.org> *On Behalf Of *Baron > Fujimoto > *Sent:* Thursday, January 28, 2021 11:41 PM > *To:* CAS Community <cas-user@apereo.org> > *Subject:* [EXTERNAL SENDER] Re: [cas-user] CAS 5.0.x newer ldaptive? > > > > Since the approach of trying to use an updated ldaptive library was > rapidly getting complicated, I tried the suggested UnboundIDProvider[*] > with the following in my cas.properties: > > > > > cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider > > > > But CAS throws this exception on startup: > > > > ERROR [org.apereo.cas.configuration.support.Beans] - > <org.ldaptive.provider.unboundid.UnboundIDProvider> > > java.lang.ClassNotFoundException: > org.ldaptive.provider.unboundid.UnboundIDProvider > > > > So perhaps I'm missing some other prerequisite? I don't see other mention > or discussion of it in the docs though. > > > > [*] I can't seem to find a 5.0.x version of > /Configuration-Properties-Common.html#ldap-connection-settings but this > property is also listed in the 5.0.x properties < > https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html > > > > > > On Thu, Jan 28, 2021 at 11:18 AM 'Richard Frovarp' via CAS Community < > cas-user@apereo.org> wrote: > > You have to do overlay exclusions. Which for me looks like. Obviously > close the XML out as appropriate. I have further build plugins. > > > > <build> > > <plugins> > > <plugin> > > <artifactId>maven-war-plugin</artifactId> > > <version>2.6</version> > > <configuration> > > <failOnMissingWebXml>false</failOnMissingWebXml> > > <recompressZippedFiles>false</recompressZippedFiles> > > <archive> > > <compress>false</compress> > > <manifestFile> > ${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp/META-INF/MANIFEST.MF > </manifestFile> > > </archive> > > <overlays> > > <overlay> > > <groupId>org.apereo.cas</groupId> > > <artifactId>cas-server-webapp</artifactId> > > <excludes> > > *<!-- <exclude>WEB-INF/cas.properties</exclude> -->* > > <exclude>WEB-INF/classes/application*.properties</exclude> > > <exclude>WEB-INF/lib/spring*.jar</exclude> > > <exclude>WEB-INF/lib/log4j*.jar</exclude> > > </excludes> > > </overlay> > > </overlays> > > <warName>cas</warName> > > </configuration> > > </plugin> > > > > > > But that isn't going to help you to put ldaptive in there. If you look at > the pom for ldaptive 2.0, they are calling for Java 11. Guessing they are > using something that is JDK 11 specific. Maybe you can rebuild with 8 and > it will work, I don't know. > > > > I would go with the easier solution of giving the UnboundID provider a > try. > https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties-Common.html#ldap-connection-settings > Bypass > the JDK code altogether. > > > > On Thu, 2021-01-28 at 10:56 -1000, Baron Fujimoto wrote: > > Hmm, the older ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar don't > appear in the packages dependency tree, I'm not sure how I would > exclude them from the build. If I manually delete them from the resulting > cas.war file, then when I start CAS, I encounter the following > error/exception: > > > > ERROR [org.springframework.boot.SpringApplication] - <Application startup > failed> > > java.lang.UnsupportedClassVersionError: org/ldaptive/ConnectionFactory has > been compiled by a more recent version of the Java Runtime (class file > version 55.0), this version of the Java Runtime only recognizes class file > versions up to 52.0 (unable to load class [org.ldaptive.ConnectionFactory]) > > > > If my google-fu is right, this suggests that the newer ldaptive jar files > included via the overlay pom.xml were compiled with Java 11 rather than the > Java 8 we are using. If I wanted to continue down this path, I suppose that > means I would need to compile the newer ldaptive jars myself from source > using our installed Java 8? And if successful, then manually place them in > the resulting cas.war file? Or is there an easier way? > > > > On Thu, Jan 28, 2021 at 7:46 AM Ray Bon <r...@uvic.ca> wrote: > > Baron, > > > > Check what packages are included in the build with: > > mvn dependency:tree > > > > You can <exclude> transitive dependencies for the old library. > > But, the overlay, itself, may include an old version of the library, which > means that you would have to manually remove the old one from the war. > Maybe the exclude can be applied to the overlay too??? > > > > Ray > > > > On Wed, 2021-01-27 at 15:06 -1000, Baron Fujimoto wrote: > > *Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. * > > > > I'm working with Oracle to troubleshoot a bug we've encountered with their > JDK (1.8u231+) and LDAP errors. According to their analysis, they're > claiming that the problem lies with the ldaptive library being used by this > old (I know) version of CAS. More specifically that the subsequent JDKs > adhere to spec, and the ldaptive library appears to be testing for > unspecified behaviour. They are recommending I try a newer version of the > ldaptive library which does not appear to have the same code. > > > > I added the following to our pom.xml: > > > > <dependency> > > <groupId>org.ldaptive</groupId> > > <artifactId>ldaptive</artifactId> > > <version>2.0.1</version> > > </dependency> > > > > When I ran "mvn clean package" I think it looked like it was including the > 2.0.1 version of ldaptive in the build. However, it seems like I'm still > seeing LDAP problems. When I try to login, it will often result in the > errors such as the following being logged: > > > > 2021-01-27 12:10:56,974 DEBUG > [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting > LDAP authentication for baron> > > 2021-01-27 12:10:56,986 WARN [org.ldaptive.pool.BlockingConnectionPool] - > <connection failed check out validation: > org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@4b6106ff > > > > 2021-01-27 12:10:56,989 ERROR > [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - > <LdapAuthenticationHandler: Unexpected LDAP error (Details: Validation of > connection failed)> > > > > Eventually the validation succeeds, then so does the authentication. > > > > How can I verify which version of ldaptive is being used by CAS? I don't > think I saw anything indicating this in the logs. If I search for ldaptive > in my overlay work directory I find the following: > > > > ===== > > $ grep -ilr ldaptive . > > ./target/cas.war > > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/classes/log4j2.xml > > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/person-directory-impl-1.8.4.jar > > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-1.2.0.jar > > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-beans-1.2.0.jar > > ./target/cas/WEB-INF/classes/log4j2.xml > > ./target/cas/WEB-INF/lib/person-directory-impl-1.8.4.jar > > ./target/cas/WEB-INF/lib/ldaptive-1.2.0.jar > > ./target/cas/WEB-INF/lib/ldaptive-beans-1.2.0.jar > > ./target/cas/WEB-INF/lib/ldaptive-beans-2.0.1.jar > > ./target/cas/WEB-INF/lib/ldaptive-2.0.1.jar > > ./pom.xml > > ./etc/cas/config/log4j2.xml > > ===== > > > > I see an ldaptive-2.0.1.jar and ldaptive-beans-2.0.1.jar, but > also ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar. The 1.2.0 versions > are always present after the build even if I delete them first, so > something must be re-including them. How can I ensure that the new ldaptive > is used in place of the old one? > > > > Unrelated, but I'm also seeing the following errors in the build now that > weren't present when I originally built this long ago: > > > > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/-SNAPSHOT/maven-metadata.xml > > [WARNING] Could not transfer metadata > com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to > spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > [WARNING] Failure to transfer > com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from > https://repo.spring.io/libs-snapshot was cached in the local repository, > resolution will not be reattempted until the update interval of > spring-libs-snapshots has elapsed or updates are forced. Original error: > Could not transfer metadata > com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to > spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client/-SNAPSHOT/maven-metadata.xml > > [WARNING] Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > [WARNING] Failure to transfer > com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml > from https://repo.spring.io/libs-snapshot was cached in the local > repository, resolution will not be reattempted until the update interval of > spring-libs-snapshots has elapsed or updates are forced. Original error: > Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-example-admin/-SNAPSHOT/maven-metadata.xml > > [WARNING] Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > [WARNING] Failure to transfer > com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml > from https://repo.spring.io/libs-snapshot was cached in the local > repository, resolution will not be reattempted until the update interval of > spring-libs-snapshots has elapsed or updates are forced. Original error: > Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client-all/-SNAPSHOT/maven-metadata.xml > > [WARNING] Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-client-all:-SNAPSHOT/maven-metadata.xml > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > > > It seems prudent to resolve these build errors as well. > > -- > > Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > > -- > > > > Ray Bon > > Programmer Analyst > > Development Services, University Systems > > 2507218831 | CLE 019 | r...@uvic.ca > > > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/8bce280697887a84a31350dec8e78364b7ea07a5.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8bce280697887a84a31350dec8e78364b7ea07a5.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > > > -- > > Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/a804a14d7388bf1771f73dc216cee6453d8505eb.camel%40ndsu.edu > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/a804a14d7388bf1771f73dc216cee6453d8505eb.camel%40ndsu.edu?utm_medium=email&utm_source=footer> > . > > > > > -- > > Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1Ga0Ecx-hBVG8meY89fRhtY5BRrVqZbXczonVycDDqrA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1Ga0Ecx-hBVG8meY89fRhtY5BRrVqZbXczonVycDDqrA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/7aec64cef858fe75335f241d4129d613f095ee0c.camel%40ndsu.edu > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/7aec64cef858fe75335f241d4129d613f095ee0c.camel%40ndsu.edu?utm_medium=email&utm_source=footer> > . > -- Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL05OZrMgGeRLqh8QMGS-O%2B7R0zTwU9sMB_YtH64PLHZ%2Bg%40mail.gmail.com.
