I think you should use only one entry for "type". (Currently you will probably use AUTHENTICATED)

Felix

On 08.02.22 at 22:07, Michael Santangelo wrote:
The finalized working bit for Active Directory LDAP was:

# Working LDAP Auth
cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://<DC FQDN>:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Staff,DC=...
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=<password>
# Working LDAP Auth

:D

I even got Duo MFA working today. Thanks all!


On Tuesday, February 8, 2022 at 3:55:18 PM UTC-5 Felix Schumacher wrote:

    Are you sure that you need to set dnFormat? If you have users in
    different OUs, it will be difficult to use a template such as
    cn=%s,ou=..., and shouldn't the DN be found by the searchFilter?

    Felix

    On 08.02.22 at 19:13, Michael Santangelo wrote:
    I changed my config to:

    cas.authn.ldap[0].order=0
    cas.authn.ldap[0].name=Tech Active Directory
    cas.authn.ldap[0].type=AD
    cas.authn.ldap[0].ldapUrl=ldap://<hostname>:389
    cas.authn.ldap[0].validatePeriod=270
    cas.authn.ldap[0].poolPassivator=NONE
    cas.authn.ldap[0].searchFilter=sAMAccountName={user}
    cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
    cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
    cas.authn.ldap[0].type=AUTHENTICATED
    cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
    cas.authn.ldap[0].bindCredential=<a password>

    And now it's working for people in that OU... Time to see if I
    can expand it to the entire Staff OU...

    On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael
    Santangelo wrote:

        Hello all,

        Forgive me for this, I'm brand new to CAS and I'm trying to
        get LDAP working.

        I built an Ubuntu VM and did initial setup by doing:

         1. git clone https://github.com/apereo/cas-overlay-template
         2. I did some initial config changes in the cas.properties
            to get SSL up and running
         3. Ran sudo ./gradlew clean copyCasConfiguration build run
         4. I can login using the casuser and the default password as
            expected.  This part is all working fine.

        So I tried adding LDAP support by:

         1. Modify build.gradle by adding
            implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
            to the dependencies section.
         2. Modify cas.properties by adding:
            # Disable casuser
            cas.authn.accept.users=
            # LDAP Servers Authenticated
            cas.authn.ldap[0].ldapUrl=ldap://<ldap server ip>:389
            #cas.authn.ldap[0].usessl=false
            cas.authn.ldap[0].useStartTls=false
            cas.authn.ldap[0].type=AUTHENTICATED
            cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
            cas.authn.ldap[0].bindCredential=<the password>
            # LDAP Servers Authenticated

            # Search For CAS User
            cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
            cas.authn.ldap[0].subtreeSearch=true
            #cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
            #cas.authn.ldap[0].searchFilter=uid={user}
            cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
            #cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
            # Search for CAS User
         3. Ran sudo ./gradlew clean copyCasConfiguration build run

        The page loads as usual.  I am unable to log in as casuser,
        which is expected.  I cannot log in with any domain credentials.

        In the log I get an error:
        2022-02-08 15:43:49,567 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for <a username>].>

        So I tried to verify that the server can connect via LDAP:

        ldapsearch -H ldap://<ldap server ip>:389 -D "CN=cas bind,CN=Users,DC=..." -W samaccountname=<a username> -b "OU=Technology,OU=Staff,DC=..." -v

        And I receive a valid result.

        I'm not sure where the disconnect is, or what else I should
        search for.  Any tips or suggestions that you could provide
        would be helpful.

        I'm attaching the output of Task :run.

--
    - Website: https://apereo.github.io/cas
    - Gitter Chatroom: https://gitter.im/apereo/cas
    - List Guidelines: https://goo.gl/1VRrw7
    - Contributions: https://goo.gl/mh7qDG
    ---
    You received this message because you are subscribed to the
    Google Groups "CAS Community" group.
    To unsubscribe from this group and stop receiving emails from it,
    send an email to [email protected].
    To view this discussion on the web visit
    https://groups.google.com/a/apereo.org/d/msgid/cas-user/bff98751-3a50-4786-81a9-cc38a6228cc4n%40apereo.org


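The thread above turns on three things a reader of a cas.authn.ldap[N].* fragment can catch before starting CAS: a key assigned twice (the "type" Felix points at; in a Java properties file the last assignment wins, so AD is silently replaced by AUTHENTICATED), a misspelled attribute in searchFilter (the first post's sAMAaccountName, which would make the user DN unresolvable), and a plain ldap:// URL on 389 with useStartTls=false, which sends the bind credential and every user's password over the network in cleartext. The linter below is an added example, not CAS code or anything from the thread; the list of known attribute names, the host dc.example.test and the placeholder password are assumptions constructed for the sample.

```python
# Added example, not CAS code: lint a cas.authn.ldap[N].* fragment for this thread's pitfalls.
import re

KEY_RE = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(\w+)$")
KNOWN_ATTRS = {"samaccountname", "uid", "cn", "mail", "userprincipalname", "objectclass"}  # assumed list

# Sample fragment constructed from the configs quoted in the thread (placeholder values).
SAMPLE = """
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://dc.example.test:389
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=example,DC=test
cas.authn.ldap[0].bindCredential=PLACEHOLDER_PASSWORD
cas.authn.ldap[0].baseDn=OU=Staff,DC=example,DC=test
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
"""

def parse_ldap_props(text):
    """Map (index, property) -> every value assigned to it, in file order."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")   # split on the first '=' only; DNs contain '='
        m = KEY_RE.match(key.strip())
        if m:
            seen.setdefault(m.groups(), []).append(value.strip())
    return seen

def lint_cas_ldap(text):
    """Return [(property, finding)] for keys set twice (in Java properties the
    last value wins), unknown filter attributes, and cleartext LDAP binds."""
    seen = parse_ldap_props(text)
    findings = []
    for (idx, prop), values in seen.items():
        name = f"cas.authn.ldap[{idx}].{prop}"
        if len(values) > 1:
            findings.append((name, f"set {len(values)} times; '{values[-1]}' wins"))
        if prop == "searchFilter":
            for attr in re.findall(r"([A-Za-z]+)=", values[-1]):   # attribute names before '='
                if attr.lower() not in KNOWN_ATTRS:
                    findings.append((name, f"unknown attribute '{attr}', check spelling"))
        if prop == "ldapUrl" and values[-1].lower().startswith("ldap://"):
            tls = seen.get((idx, "useStartTls"), ["false"])[-1].lower()
            if tls != "true":
                findings.append((name, "plain ldap:// without StartTLS: bind and user passwords cross the network in cleartext"))
    return findings
```

Running lint_cas_ldap(SAMPLE) reports all three problems; the same fragment with a single type entry, the attribute spelled sAMAccountName and an ldaps:// URL (or useStartTls=true) reports none.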
