Shouldn't you add a keystore for SSL/TLS authentication?
Like:
cas.authn.ldap[0].keystore=file:/etc/cas/config/keystore.jks
cas.authn.ldap[0].keystorePassword=password
cas.authn.ldap[0].keystoreType=PKCS12
You should add your signed certificate to the main Java keystore.
On Monday, 22 March 2021 at 16:57:38 UTC+1, Jérémie Pilette wrote:
> Yes I am using Start-tls
> cas.authn.ldap[0].use-start-tls=true
>
> On Monday, 22 March 2021 at 16:53:36 UTC+1, Bartosz Nitkiewicz wrote:
>
>> Maybe your LDAP server has to be authenticated through SSL/TLS (LDAPS)?
>>
>> On Monday, 22 March 2021 at 16:25:41 UTC+1, Jérémie Pilette wrote:
>>
>>> It seems to be Invalid Credential for the user.. I don't know why..
>>> On Monday, 22 March 2021 at 16:21:48 UTC+1, Jérémie Pilette wrote:
>>>
>>>> It doesn't change anything with these two lines added ... :o(
>>>>
>>>> On Monday, 22 March 2021 at 16:17:58 UTC+1, Bartosz Nitkiewicz wrote:
>>>>
>>>>> implementation is ok
>>>>>
>>>>> Try to add
>>>>> cas.authn.ldap[0].name=adYourName
>>>>> cas.authn.ldap[0].order=0
>>>>>
>>>>> On Monday, 22 March 2021 at 16:13:17 UTC+1, Jérémie Pilette wrote:
>>>>>
>>>>>>
>>>>>> Yes I have :
>>>>>> compile
>>>>>> "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>>>>>>
>>>>>> But I have seen that instead of "compile" we can put "implementation".
>>>>>> I do not know which one we have to use.
>>>>>>
>>>>>> On Monday, 22 March 2021 at 16:07:48 UTC+1, Bartosz Nitkiewicz wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>> Did you build the LDAP dependency into your CAS server?
>>>>>>> You should add
>>>>>>> org.apereo.cas:cas-server-support-ldap:${casServerVersion} in
>>>>>>> build.gradle
>>>>>>> and rebuild the CAS app.
>>>>>>> Regards,
>>>>>>> BN
>>>>>>>
>>>>>>> On Monday, 22 March 2021 at 15:50:04 UTC+1, Jérémie Pilette wrote:
>>>>>>>
>>>>>>>> Here is my cas.properties:
>>>>>>>>
>>>>>>>> ***********
>>>>>>>> cas.server.name=https://xxxxx.xxxxx.fr
>>>>>>>> cas.server.prefix=${cas.server.name}/cas
>>>>>>>>
>>>>>>>> logging.config=file:/etc/cas/config/log4j2.xml
>>>>>>>>
>>>>>>>> cas.service-registry.json.location=file:/etc/cas/services
>>>>>>>>
>>>>>>>> cas.authn.ldap[0].principal-attribute-list=cn,givenName,sn
>>>>>>>>
>>>>>>>> # cas.authn.ldap[0].collect-dn-attribute=false
>>>>>>>> # cas.authn.ldap[0].principal-dn-attribute-name=
>>>>>>>> # cas.authn.ldap[0].allow-multiple-principal-attribute-values=true
>>>>>>>> # cas.authn.ldap[0].allow-missing-principal-attribute-value=true
>>>>>>>> # cas.authn.ldap[0].credential-criteria=
>>>>>>>>
>>>>>>>> cas.authn.ldap[0].ldap-url=ldap://xxx.yyyy.com
>>>>>>>> cas.authn.ldap[0].bind-dn=userdn
>>>>>>>> cas.authn.ldap[0].bind-credential=pwd
>>>>>>>>
>>>>>>>> cas.authn.ldap[0].base-dn=my_base_dn
>>>>>>>> cas.authn.ldap[0].subtree-search=true
>>>>>>>> cas.authn.ldap[0].search-filter=my_filter
>>>>>>>> cas.authn.ldap[0].page-size=0
>>>>>>>>
>>>>>>>> cas.authn.ldap[0].principal-attribute-password=userPassword
>>>>>>>>
>>>>>>>> cas.authn.ldap[0].min-pool-size=3
>>>>>>>> cas.authn.ldap[0].max-pool-size=10
>>>>>>>> cas.authn.ldap[0].validate-on-checkout=true
>>>>>>>> cas.authn.ldap[0].validate-periodically=true
>>>>>>>> cas.authn.ldap[0].validate-period=PT5M
>>>>>>>> cas.authn.ldap[0].validate-timeout=PT5S
>>>>>>>> cas.authn.ldap[0].fail-fast=false
>>>>>>>> cas.authn.ldap[0].idle-time=PT10M
>>>>>>>> cas.authn.ldap[0].prune-period=PT2H
>>>>>>>> cas.authn.ldap[0].block-wait-time=PT3S
>>>>>>>> cas.authn.ldap[0].use-start-tls=true
>>>>>>>> cas.authn.ldap[0].response-timeout=PT5S
>>>>>>>> *******************
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Monday, 22 March 2021 at 15:37:56 UTC+1, Jérémie Pilette wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>> I have just installed the CAS server version 6.4 and made my LDAP
>>>>>>>>> configuration.
>>>>>>>>> Impossible for users to authenticate.
>>>>>>>>> Maybe I forgot something... I do not know what...
>>>>>>>>>
>>>>>>>>> Do you have an idea, please?
>>>>>>>>>
>>>>>>>>
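As an added example (not part of the thread and not CAS project code), a small Python check over the `cas.authn.ldap[N]` settings quoted above: it groups them per server, treats `use-start-tls` and `useStartTls` as the same key, and reports transport and secret-handling findings. The finding names, the `example.org` hosts, and treating a missing `use-start-tls` as false are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's settings with placeholder hosts and secrets.
SAMPLE = """\
cas.authn.ldap[0].ldap-url=ldap://ldap.example.org
cas.authn.ldap[0].bind-credential=pwd
# cas.authn.ldap[0].credential-criteria=
cas.authn.ldap[0].use-start-tls=true
cas.authn.ldap[0].keystore=file:/etc/cas/config/keystore.jks
cas.authn.ldap[0].keystorePassword=password
cas.authn.ldap[0].keystoreType=PKCS12
cas.authn.ldap[1].ldap-url=ldap://ldap2.example.org
cas.authn.ldap[1].bind-credential=pwd
"""

LINE = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.([^=\s]+)\s*=\s*(.*)$")

def parse(text):
    """Group cas.authn.ldap[N].* settings by N. Key spelling is normalised
    (use-start-tls == useStartTls), as Spring relaxed binding treats it."""
    servers = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # comment lines and unrelated keys do not match
            servers[int(m.group(1))][m.group(2).replace("-", "").lower()] = m.group(3).strip()
    return dict(servers)

def audit(text):
    """Return (server index, finding) tuples; finding names are hypothetical."""
    findings = []
    for idx, cfg in sorted(parse(text).items()):
        url = cfg.get("ldapurl", "").lower()
        starttls = cfg.get("usestarttls", "false").lower() == "true"  # assumed default
        if url.startswith("ldap://") and not starttls:
            findings.append((idx, "cleartext-bind"))  # bind password sent unencrypted
        if url.startswith("ldaps://") and starttls:
            findings.append((idx, "starttls-on-ldaps"))  # TLS requested twice
        store, kind = cfg.get("keystore", "").lower(), cfg.get("keystoretype", "").upper()
        if store.endswith(".jks") and kind == "PKCS12":
            findings.append((idx, "keystore-type-mismatch"))  # check the real format
        for key in ("bindcredential", "keystorepassword"):
            if cfg.get(key) and not cfg[key].startswith("${"):
                findings.append((idx, f"literal-secret:{key}"))
    return findings

if __name__ == "__main__":
    for idx, finding in audit(SAMPLE):
        print(f"ldap[{idx}]: {finding}")
```
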