Felix
On 08.02.22 at 19:13, Michael Santangelo wrote:
I changed my config to:

cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Tech Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://<hostname>:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=<a password>

And now it's working for people in that OU... Time to see if I can expand it to the entire Staff OU...

On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo wrote:

Hello all,

Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP working. I built an Ubuntu VM and did initial setup by doing:

1. git clone https://github.com/apereo/cas-overlay-template
2. I did some initial config changes in the cas.properties to get SSL up and running
3. Ran sudo ./gradlew clean copyCasConfiguration build run
4. I can login using the casuser and the default password as expected.

This part is all working fine. So I tried adding LDAP support by:

1. Modify build.gradle by adding
   implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
   to the dependencies section.
2. Modify cas.properties by adding:

# Disable casuser
cas.authn.accept.users=

# LDAP Servers Authenticated
cas.authn.ldap[0].ldapUrl=ldap://<ldap server ip>:389
#cas.authn.ldap[0].usessl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=<the password>
# LDAP Servers Authenticated

# Search For CAS User
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].subtreeSearch=true
#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
#cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
# Search for CAS User

3. Ran sudo ./gradlew clean copyCasConfiguration build run

The page loads as usual. I am unable to login as casuser, which is expected. I cannot login with any domain credentials. In the log I get an error:

2022-02-08 15:43:49,567 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for <a username>].>

So I tried to verify that the server can connect via LDAP:

ldapsearch -H ldap://<ldap server ip>:389 -D "CN=cas bind,CN=Users,DC=..." -W samaccountname=<a username> -b "OU=Technology,OU=Staff,DC=..." -v

And I receive a valid result. I'm not sure where the disconnect is, or what else I should search for. Any tips or suggestions that you could provide would be helpful. I'm attaching the output of Task :run.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bff98751-3a50-4786-81a9-cc38a6228cc4n%40apereo.org.
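An added example, not part of the thread and not CAS project code: a small Python check over a cas.properties fragment that flags three things visible in the configurations quoted above. These are a key assigned twice (in a Java properties file the later assignment replaces the earlier one), an ldap:// URL without StartTLS (the bind and user passwords cross the network unencrypted), and a search-filter attribute that differs from the one used in the ldapsearch test. The function name, the sample host and the rule that a missing useStartTls counts as off are assumptions made for the illustration.

```python
import re

# Constructed sample, condensed from the two configurations quoted in the thread.
# ldap.example.org is a placeholder host.
SAMPLE = """\
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://ldap.example.org:389
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
cas.authn.ldap[0].type=AUTHENTICATED
"""


def lint_cas_ldap(text, expected_attr="sAMAccountName"):
    """Return (findings, effective_settings) for a cas.properties fragment."""
    findings, effective = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue  # blank line, comment, or not a key=value pair
        # Split on the first '=' only: filter values contain '=' themselves.
        key, value = (part.strip() for part in line.split("=", 1))
        if key in effective:
            findings.append(f"line {n}: {key} set again, "
                            f"{effective[key]!r} is replaced by {value!r}")
        effective[key] = value

    for key, url in effective.items():
        m = re.fullmatch(r"(cas\.authn\.ldap\[\d+\])\.ldapUrl", key)
        if not m:
            continue
        prefix = m.group(1)
        # Assumption: an absent useStartTls is treated as "false".
        starttls = effective.get(prefix + ".useStartTls", "false").lower()
        if url.lower().startswith("ldap://") and starttls != "true":
            findings.append(f"{prefix}: ldap:// without StartTLS, "
                            "credentials are sent in cleartext")
        # LDAP attribute names are case-insensitive, so compare lowercased.
        search_filter = effective.get(prefix + ".searchFilter", "")
        for attr in re.findall(r"([A-Za-z][\w;-]*)\s*=\s*\{user\}", search_filter):
            if attr.lower() != expected_attr.lower():
                findings.append(f"{prefix}: filter attribute {attr!r} "
                                f"is not {expected_attr!r}")
    return findings, effective


if __name__ == "__main__":
    for finding in lint_cas_ldap(SAMPLE)[0]:
        print(finding)
```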
