Mahalo nui loa! The UnboundID workaround appears to solve the problem so I don't need to further pursue trying to substitute a newer version of the Ldaptive library. I wasn't able to find any documentation on the UnboundIDProvider though (what does it do specifically, and where would I have found that requisite dependency). Did I miss that somewhere? Now I can focus on upgrading to a current version of CAS.
On Fri, Jan 29, 2021 at 5:20 AM 'Richard Frovarp' via CAS Community < [email protected]> wrote: > Sorry, you don't need it in 5.3 as that one is default. So I didn't see > that in my dependencies. You'll need the ldaptive dependency for that. > You'll want to match version to the other ldaptive version you have. 1.2 > appears to bring in the unboundid dependency: > > https://search.maven.org/artifact/org.ldaptive/ldaptive-unboundid/1.2.0/jar > > <dependency> > <groupId>org.ldaptive</groupId> > <artifactId>ldaptive-unboundid</artifactId> > <version>1.2.0</version> > </dependency> > > > > On Fri, 2021-01-29 at 13:21 +0000, King, Robert wrote: > > I’m not certainas to the 5.0 version, but to use the UnboundIDProvider in > 6.x you need to add : > > > > compile "com.unboundid:unboundid-ldapsdk:4.0.9" > > > > to the Gradle build dependencies. I would assume it would be the same for > Maven. > > > > *From:* [email protected] <[email protected]> *On Behalf Of *Baron > Fujimoto > *Sent:* Thursday, January 28, 2021 11:41 PM > *To:* CAS Community <[email protected]> > *Subject:* [EXTERNAL SENDER] Re: [cas-user] CAS 5.0.x newer ldaptive? > > > > Since the approach of trying to use an updated ldaptive library was > rapidly getting complicated, I tried the suggested UnboundIDProvider[*] > with the following in my cas.properties: > > > > > cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider > > > > But CAS throws this exception on startup: > > > > ERROR [org.apereo.cas.configuration.support.Beans] - > <org.ldaptive.provider.unboundid.UnboundIDProvider> > > java.lang.ClassNotFoundException: > org.ldaptive.provider.unboundid.UnboundIDProvider > > > > So perhaps I'm missing some other prerequisite? I don't see other mention > or discussion of it in the docs though. > > > > [*] I can't seem to find a 5.0.x version of > /Configuration-Properties-Common.html#ldap-connection-settings but this > property is also listed in the 5.0.x properties < > https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html > > > > > > On Thu, Jan 28, 2021 at 11:18 AM 'Richard Frovarp' via CAS Community < > [email protected]> wrote: > > You have to do overlay exclusions. Which for me looks like. Obviously > close the XML out as appropriate. I have further build plugins. > > > > <build> > > <plugins> > > <plugin> > > <artifactId>maven-war-plugin</artifactId> > > <version>2.6</version> > > <configuration> > > <failOnMissingWebXml>false</failOnMissingWebXml> > > <recompressZippedFiles>false</recompressZippedFiles> > > <archive> > > <compress>false</compress> > > <manifestFile> > ${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp/META-INF/MANIFEST.MF > </manifestFile> > > </archive> > > <overlays> > > <overlay> > > <groupId>org.apereo.cas</groupId> > > <artifactId>cas-server-webapp</artifactId> > > <excludes> > > *<!-- <exclude>WEB-INF/cas.properties</exclude> -->* > > <exclude>WEB-INF/classes/application*.properties</exclude> > > <exclude>WEB-INF/lib/spring*.jar</exclude> > > <exclude>WEB-INF/lib/log4j*.jar</exclude> > > </excludes> > > </overlay> > > </overlays> > > <warName>cas</warName> > > </configuration> > > </plugin> > > > > > > But that isn't going to help you to put ldaptive in there. If you look at > the pom for ldaptive 2.0, they are calling for Java 11. Guessing they are > using something that is JDK 11 specific. Maybe you can rebuild with 8 and > it will work, I don't know. > > > > I would go with the easier solution of giving the UnboundID provider a > try. > https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties-Common.html#ldap-connection-settings > Bypass > the JDK code altogether. > > > > On Thu, 2021-01-28 at 10:56 -1000, Baron Fujimoto wrote: > > Hmm, the older ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar don't > appear in the packages dependency tree, I'm not sure how I would > exclude them from the build. If I manually delete them from the resulting > cas.war file, then when I start CAS, I encounter the following > error/exception: > > > > ERROR [org.springframework.boot.SpringApplication] - <Application startup > failed> > > java.lang.UnsupportedClassVersionError: org/ldaptive/ConnectionFactory has > been compiled by a more recent version of the Java Runtime (class file > version 55.0), this version of the Java Runtime only recognizes class file > versions up to 52.0 (unable to load class [org.ldaptive.ConnectionFactory]) > > > > If my google-fu is right, this suggests that the newer ldaptive jar files > included via the overlay pom.xml were compiled with Java 11 rather than the > Java 8 we are using. If I wanted to continue down this path, I suppose that > means I would need to compile the newer ldaptive jars myself from source > using our installed Java 8? And if successful, then manually place them in > the resulting cas.war file? Or is there an easier way? > > > > On Thu, Jan 28, 2021 at 7:46 AM Ray Bon <[email protected]> wrote: > > Baron, > > > > Check what packages are included in the build with: > > mvn dependency:tree > > > > You can <exclude> transitive dependencies for the old library. > > But, the overlay, itself, may include an old version of the library, which > means that you would have to manually remove the old one from the war. > Maybe the exclude can be applied to the overlay too??? > > > > Ray > > > > On Wed, 2021-01-27 at 15:06 -1000, Baron Fujimoto wrote: > > *Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. * > > > > I'm working with Oracle to troubleshoot a bug we've encountered with their > JDK (1.8u231+) and LDAP errors. According to their analysis, they're > claiming that the problem lies with the ldaptive library being used by this > old (I know) version of CAS. More specifically that the subsequent JDKs > adhere to spec, and the ldaptive library appears to be testing for > unspecified behaviour. They are recommending I try a newer version of the > ldaptive library which does not appear to have the same code. > > > > I added the following to our pom.xml: > > > > <dependency> > > <groupId>org.ldaptive</groupId> > > <artifactId>ldaptive</artifactId> > > <version>2.0.1</version> > > </dependency> > > > > When I ran "mvn clean package" I think it looked like it was including the > 2.0.1 version of ldaptive in the build. However, it seems like I'm still > seeing LDAP problems. When I try to login, it will often result in the > errors such as the following being logged: > > > > 2021-01-27 12:10:56,974 DEBUG > [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting > LDAP authentication for baron> > > 2021-01-27 12:10:56,986 WARN [org.ldaptive.pool.BlockingConnectionPool] - > <connection failed check out validation: > org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@4b6106ff > > > > 2021-01-27 12:10:56,989 ERROR > [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - > <LdapAuthenticationHandler: Unexpected LDAP error (Details: Validation of > connection failed)> > > > > Eventually the validation succeeds, then so does the authentication. > > > > How can I verify which version of ldaptive is being used by CAS? I don't > think I saw anything indicating this in the logs. If I search for ldaptive > in my overlay work directory I find the following: > > > > ===== > > $ grep -ilr ldaptive . > > ./target/cas.war > > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/classes/log4j2.xml > > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/person-directory-impl-1.8.4.jar > > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-1.2.0.jar > > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-beans-1.2.0.jar > > ./target/cas/WEB-INF/classes/log4j2.xml > > ./target/cas/WEB-INF/lib/person-directory-impl-1.8.4.jar > > ./target/cas/WEB-INF/lib/ldaptive-1.2.0.jar > > ./target/cas/WEB-INF/lib/ldaptive-beans-1.2.0.jar > > ./target/cas/WEB-INF/lib/ldaptive-beans-2.0.1.jar > > ./target/cas/WEB-INF/lib/ldaptive-2.0.1.jar > > ./pom.xml > > ./etc/cas/config/log4j2.xml > > ===== > > > > I see an ldaptive-2.0.1.jar and ldaptive-beans-2.0.1.jar, but > also ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar. The 1.2.0 versions > are always present after the build even if I delete them first, so > something must be re-including them. How can I ensure that the new ldaptive > is used in place of the old one? > > > > Unrelated, but I'm also seeing the following errors in the build now that > weren't present when I originally built this long ago: > > > > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/-SNAPSHOT/maven-metadata.xml > > [WARNING] Could not transfer metadata > com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to > spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > [WARNING] Failure to transfer > com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from > https://repo.spring.io/libs-snapshot was cached in the local repository, > resolution will not be reattempted until the update interval of > spring-libs-snapshots has elapsed or updates are forced. Original error: > Could not transfer metadata > com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to > spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client/-SNAPSHOT/maven-metadata.xml > > [WARNING] Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > [WARNING] Failure to transfer > com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml > from https://repo.spring.io/libs-snapshot was cached in the local > repository, resolution will not be reattempted until the update interval of > spring-libs-snapshots has elapsed or updates are forced. Original error: > Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-example-admin/-SNAPSHOT/maven-metadata.xml > > [WARNING] Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > [WARNING] Failure to transfer > com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml > from https://repo.spring.io/libs-snapshot was cached in the local > repository, resolution will not be reattempted until the update interval of > spring-libs-snapshots has elapsed or updates are forced. Original error: > Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client-all/-SNAPSHOT/maven-metadata.xml > > [WARNING] Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-client-all:-SNAPSHOT/maven-metadata.xml > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > > > It seems prudent to resolve these build errors as well. > > -- > > Baron Fujimoto <[email protected]> :: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > > -- > > > > Ray Bon > > Programmer Analyst > > Development Services, University Systems > > 2507218831 | CLE 019 | [email protected] > > > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/8bce280697887a84a31350dec8e78364b7ea07a5.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8bce280697887a84a31350dec8e78364b7ea07a5.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > > > -- > > Baron Fujimoto <[email protected]> :: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/a804a14d7388bf1771f73dc216cee6453d8505eb.camel%40ndsu.edu > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/a804a14d7388bf1771f73dc216cee6453d8505eb.camel%40ndsu.edu?utm_medium=email&utm_source=footer> > . > > > > > -- > > Baron Fujimoto <[email protected]> :: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1Ga0Ecx-hBVG8meY89fRhtY5BRrVqZbXczonVycDDqrA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1Ga0Ecx-hBVG8meY89fRhtY5BRrVqZbXczonVycDDqrA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/7aec64cef858fe75335f241d4129d613f095ee0c.camel%40ndsu.edu > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/7aec64cef858fe75335f241d4129d613f095ee0c.camel%40ndsu.edu?utm_medium=email&utm_source=footer> > . > -- Baron Fujimoto <[email protected]> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL05OZrMgGeRLqh8QMGS-O%2B7R0zTwU9sMB_YtH64PLHZ%2Bg%40mail.gmail.com.
