Re: [cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

Tue, 08 Feb 2022 12:55:22 -0800

Are you sure, that you need to set dnFormat? If you have users in different ou's, it will be difficult to use with a template as cn=%s,ou=... and should not the dn be found by the searchFilter? 

Felix

Am 08.02.22 um 19:13 schrieb Michael Santangelo:

I changed my config to:

cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Tech Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://<hostname>:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=<a password>
And now it's working for people in that OU... Time to see if I can expand it to the entire Staff OU...
On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo wrote: 

    Hello all,

    Forgive me for this, I'm brand new to CAS and I'm trying to get
    LDAP working.

    I built an Ubuntu VM and did initial setup by doing:

     1. git clone https://github.com/apereo/cas-overlay-template
     2. I did some initial config changes in the cas.properties to get
        SSL up and running
     3. Ran sudo ./gradlew clean copyCasConfiguration build run
     4. I can login using the casuser and the default password as
        expected.  This part is all working fine.

    So I tried adding LDAP support by:

     1. Modify build.gradle by adding
            implementation
        "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
        to the dependencies section.
     2. Modify cas.properties by adding:
        # Disable casuser
        cas.authn.accept.users=
        # LDAP Servers Authenticated
        cas.authn.ldap[0].ldapUrl=ldap://<ldap server ip>:389
        #cas.authn.ldap[0].usessl=false
        cas.authn.ldap[0].useStartTls=false
        cas.authn.ldap[0].type=AUTHENTICATED
        cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
        cas.authn.ldap[0].bindCredential=<the password>
        # LDAP Servers Authenticated

        # Search For CAS User
        cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
        cas.authn.ldap[0].subtreeSearch=true
        #cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
        #cas.authn.ldap[0].searchFilter=uid={user}
        cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
        #cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
        # Search for CAS User
     3. Ran sudo ./gradlew clean copyCasConfiguration build run

    The page loads as usual.  I am unable to login as casuser, which
    is expected.  I cannot login with any domain credentials.

    In the log I get an error:
    2022-02-08 15:43:49,567 INFO
    [org.apereo.cas.authentication.DefaultAuthenticationManager] -
    <[LdapAuthenticationHandler] exception details: [Unable to resolve
    user dn for <a username>].>

    So I tried to verify that the server can connect via LDAP:

    ldapsearch -H ldap://<ldap server ip>:389 -D "CN=cas
    bind,CN=Users,DC=..." -W samaccountname=<a username> -b
    "OU=Technology,OU=Staff,DC=..." -v

    And I receive a valid result.

    I'm not sure where the disconnect is, or what else I should search
    for.  Any tips or suggestions that you could provide would be helpful.

    I'm attaching the output of Task :run.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bff98751-3a50-4786-81a9-cc38a6228cc4n%40apereo.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/bff98751-3a50-4786-81a9-cc38a6228cc4n%40apereo.org?utm_medium=email&utm_source=footer>. 

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- You received this message because you are subscribed to the Google Groups "CAS Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/dad9c50c-89b1-bb0a-acb4-40fda83823c1%40internetallee.de.

Attachment: OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to