Hi Bartosz,

I use simple ldap against an ApacheDS, it works well.
CAS is a marvellous thing, but a highly sensitive one, you may want to 
verify you have no white space at the end of lines in your config file.
I ran into that issue once which drove me crazy.

Also, I assume you compiled your CAS war including
compile "org.apereo.cas:cas-server-support-ldap:${casServerVersion}"
in the dependencies.

If I were you I would also make the search filter even simpler by removing 
the wild card. I know it sounds dull, but with CAS you've got to start 
small (X_X).
Basically, do not assume that a working LDAP search request run using an 
LDAP tool will always be interpreted correctly inside CAS, that is not my 
experience but this could be due to bugs on the versions of CAS I have been 
using.

Doesn't the full report of the startup give you any hint?

Cheers,
Pierre
On Tuesday, 2 March 2021 at 12:26:19 UTC+1 Bartosz Nitkiewicz wrote:

> No success. I'm wondering if this config file is enough for proper LDAP 
> authentication. One thing I want is to enter user name and password and 
> then CAS msg logged in.
>
> On Tuesday, 2 March 2021 at 11:30:16 UTC+1 leleuj wrote:
>
>> Hi,
>>
>> It looks like: *cas.authn.ldap[0].dn-format: '%s@domain'*
>> Thanks.
>> Best regards,
>> Jérôme
>>  
>>
>> On Tue, 2 Mar 2021 at 10:13, Bartosz Nitkiewicz <[email protected]> wrote:
>>
>>> Could you please tell me how it should look?
>>>
>>> On Tuesday, 2 March 2021 at 10:09:05 UTC+1 leleuj wrote:
>>>
>>>> Hi,
>>>>
>>>> I checked an AD configuration I have and there is also a 
>>>> *cas.authn.ldap[0].dn-format* property I don't see in your 
>>>> configuration.
>>>> Thanks.
>>>> Best regards,
>>>> Jérôme
>>>>
>>>>
>>>> On Tue, 2 Mar 2021 at 10:01, Bartosz Nitkiewicz <[email protected]> wrote:
>>>>
>>>>> Checked. Doesn't work either :(
>>>>>
>>>>> On Tuesday, 2 March 2021 at 09:57:10 UTC+1 leleuj wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> For the AD LDAP, your type property should be AD:
>>>>>>
>>>>>> cas.authn.ldap[0].type=AD
>>>>>>
>>>>>>
>>>>>> Thanks.
>>>>>> Best regards,
>>>>>> Jérôme
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, 2 Mar 2021 at 09:43, Bartosz Nitkiewicz <[email protected]> wrote:
>>>>>>
>>>>>>> Hello.
>>>>>>> I need your help. I'm trying to use CAS as authentication service 
>>>>>>> for some of my applications. There are user names and passwords stored 
>>>>>>> in AD (LDAP) server. I can't make CAS authenticate users through LDAP. 
>>>>>>> I have read all documentation and this ML, found some configs and I tried 
>>>>>>> almost everything. Could someone look at my simple cas.properties and 
>>>>>>> tell me if it looks ok?
>>>>>>>
>>>>>>> cas.server.name: https://localhost:8443
>>>>>>> cas.server.prefix: ${cas.server.name}/cas
>>>>>>>
>>>>>>> cas.authn.accept.enabled=false
>>>>>>>
>>>>>>> cas.authn.policy.any.try-all=false
>>>>>>> cas.authn.policy.any.enabled=true
>>>>>>>
>>>>>>> cas.authn.ldap[0].type=AUTHENTICATED
>>>>>>> cas.authn.ldap[0].ldap-url=ldaps://ldpadomainname.org
>>>>>>> cas.authn.ldap[0].base-dn=OU=TEST,dc=test,dc=test,dc=test,dc=org
>>>>>>> cas.authn.ldap[0].subtree-search=true
>>>>>>>
>>>>>>>
>>>>>>> cas.authn.ldap[0].searchFilter=(&(objectclass=*)(sAMAccountName={user}))
>>>>>>>
>>>>>>>
>>>>>>> cas.authn.ldap[0].bind-dn=cn=testaccount,cn=group,dc=test,dc=test,dc=test,dc=com
>>>>>>> cas.authn.ldap[0].bind-credential=password
>>>>>>>
>>>>>>> cas.authn.ldap[0].keystore=file:/etc/cas/config/thekeystore
>>>>>>> cas.authn.ldap[0].keystorePassword=asd123456
>>>>>>> cas.authn.ldap[0].keystoreType=PKCS12
>>>>>>>
>>>>>>> ldapsearch from the command line works fine. I can filter LDAP tree to 
>>>>>>> find proper username.
>>>>>>>
>>>>>>> Thanks in advance.
>>>>>>>
>>>>>>> -- 
>>>>>>> - Website: https://apereo.github.io/cas
>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>>> --- 
>>>>>>> You received this message because you are subscribed to the Google 
>>>>>>> Groups "CAS Community" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>>> send an email to [email protected].
>>>>>>> To view this discussion on the web visit 
>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/88e9b773-d5df-4b8f-ae1e-4b299840d479n%40apereo.org
>>>>>>> .
>>>>>>>
>>>>>>


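The checks suggested in this thread, as an added example (not code from the CAS project or from any poster): a small linter for a cas.properties text that flags trailing whitespace after a value, an AD-type LDAP entry with no dn-format, and secrets stored without CAS's {cas-cipher} encrypted-value prefix. The sample input is constructed, and the function and finding names are assumptions of this example.

```python
import re

# Constructed sample modelled on the cas.properties in the thread; the trailing
# space after "AD" and the trailing tab after the bind DN are planted on purpose.
SAMPLE = (
    "cas.authn.ldap[0].type=AD \n"
    "cas.authn.ldap[0].ldap-url=ldaps://ldap.example.org\n"
    "cas.authn.ldap[0].searchFilter=(sAMAccountName={user})\n"
    "cas.authn.ldap[0].bind-dn=cn=svc,dc=example,dc=org\t\n"
    "cas.authn.ldap[0].bind-credential=password\n"
    "cas.authn.ldap[0].keystorePassword=changeit\n"
)

# key, then '=' or ':' as separator, then the raw value (trailing blanks kept)
KEY_VALUE = re.compile(r"^\s*([^#!\s=:][^=:\s]*)\s*[=:]\s*(.*)$")
SECRET_SUFFIXES = ("bindcredential", "keystorepassword", "truststorepassword")


def canonical(key):
    """Fold camelCase and kebab-case spellings of a key together."""
    return re.sub(r"[-_]", "", key).lower()


def lint(text):
    """Return (line_number, finding, key) tuples; line 0 means file-level."""
    findings, seen = [], {}
    for number, line in enumerate(text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match:
            continue  # blank line or comment
        raw_key, value = match.group(1), match.group(2)
        key = canonical(raw_key)
        seen[key] = value.strip()
        if value != value.rstrip():
            findings.append((number, "trailing-whitespace", raw_key))
        # Assumption: an encrypted CAS setting carries the {cas-cipher} prefix.
        if key.endswith(SECRET_SUFFIXES) and not value.startswith("{cas-cipher}"):
            findings.append((number, "plaintext-secret", raw_key))
    for key, value in seen.items():
        # Per the thread: an AD-type entry is expected to come with dn-format.
        if key.endswith(".type") and value.upper() == "AD":
            if key[: -len("type")] + "dnformat" not in seen:
                findings.append((0, "missing-dn-format", key))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
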