It looks like the attribute in your cas.authn.ldap[0].searchFilter is not in 
the response from your LDAP query.

cas.authn.ldap[0].searchFilter=supannAliasLogin={%s}

Also, according to the CAS documentation, you should use “{user}” and not “{%s}”.

Try the following and see if it resolves your connection issues:

cas.authn.ldap[0].searchFilter=uid={user}

From: [email protected] <[email protected]> On Behalf Of Zaki Elmi Guelleh
Sent: Wednesday, May 18, 2022 3:02 AM
To: [email protected]
Subject: [EXTERNAL SENDER] Re: [cas-user] CAS/LDAP user

Hi Ray,
ldap settings are correct.
root@LDAPserv:~# ldapsearch -h 192.168.143.200 -x -W -D 
"cn=admin,dc=example,dc=com"
# testuser, people, example.com
dn: cn=testuser,ou=people,dc=example,dc=com
cn: testuser
gidNumber: 9802
givenName: testuser
homeDirectory: /home/users/testuser
mail:
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: supannPerson
sn: testuser
supannEmpId: 1001
supannEmpProfil:: QWRtaW5pc3RyYXRldXIgZHUgU3lzdMOobWUgJiBSw6lzZWF1
supannEntiteAffectation:
uid: testuser
uidNumber: 10012
userPassword:: e01ENX16QVBuUjZhdnU4djR2blpvclA2KzVRPT0=


logs cas :

=============================================================
WHO: audit:unknown
WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, 
event=success, timestamp=Wed May 18 07:23:54 CEST 2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed May 18 07:23:54 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================

>
2022-05-18 07:24:07,465 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 
testuser].>
2022-05-18 07:24:07,465 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: testuser
WHAT: [UsernamePasswordCredential(username=testuser, source=null, 
customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed May 18 07:24:07 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================


Thanks



On Tue, May 17, 2022 at 19:23, Ray Bon <[email protected]> wrote:
zak,

These are the settings I have for ldap


cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://...
cas.authn.ldap[0].connectTimeout=PT3S
cas.authn.ldap[0].baseDn=ou=people,...
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].bindDn=cn=Auth Manager,...
cas.authn.ldap[0].bindCredential=...
cas.authn.ldap[0].principalAttributeList=...

You can use the command line utility, ldapsearch, to be sure your ldap settings 
are correct.
Also check ldap logs.

Ray

On Tue, 2022-05-17 at 08:25 -0700, zak elmi wrote:

Hi everyone.

I have a problem that I haven't been able to solve for a long time.


[org.apereo.cas.configuration.CasConfigurationPropertiesValidator] - <Validated 
CAS property sources and configuration successfully.>

     _    ____  _____ ____  _____ ___     ____    _    ____
    / \  |  _ \| ____|  _ \| ____/ _ \   / ___|  / \  / ___|
   / _ \ | |_) |  _| | |_) |  _|| | | | | |     / _ \ \___ \
  / ___ \|  __/| |___|  _ <| |__| |_| | | |___ / ___ \ ___) |
 /_/   \_\_|   |_____|_| \_\_____\___/   \____/_/   \_\____/


CAS Version: 6.6.0-RC2
CAS Branch: master
CAS Commit Id: 7946bc20e93ed407274ca391864c8e67165b4c8c
CAS Build Date/Time: 2022-05-10T11:39:56Z
Spring Boot Version: 2.6.6
Spring Version: 5.3.19
Java Home: /usr/lib/jvm/jdk-11
Java Vendor: Oracle Corporation
Java Version: 11.0.15
JVM Free Memory: 298 MB
JVM Maximum Memory: 910 MB
JVM Total Memory: 603 MB
OS Architecture: amd64
OS Name: Linux
OS Version: 4.9.0-18-amd64
OS Date/Time: 2022-05-17T16:45:45.852237
OS Temp Directory: /opt/tomcat/latest/temp
------------------------------------------------------------
Apache Tomcat Version: Apache Tomcat/9.0.30
-----------------------------------------------
  ____  _____    _    ______   __
 |  _ \| ____|  / \  |  _ \ \ / /
 | |_) |  _|   / _ \ | | | \ V /
 |  _ <| |___ / ___ \| |_| || |
 |_| \_\_____/_/   \_\____/ |_|
>
2022-05-17 16:55:04,681 WARN 
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
 - <1 errors, 0 successes>
2022-05-17 16:55:13,354 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: {result=Service Access Granted, service=https://example.com/index.php, 
requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 17 16:55:13 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================

>
2022-05-17 16:55:13,367 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 
userxxxx].>
2022-05-17 16:55:13,368 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO:  userxxxx
WHAT: [UsernamePasswordCredential(username= userxxxx  , source=null, 
customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue May 17 16:55:13 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================

>
2022-05-17 16:55:13,368 WARN 
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
 - <1 errors, 0 successes>



also find my cas.properties
cas.server.name=https://192.168.143.203:8443
cas.server.prefix=${cas.server.name}/cas

logging.config=file:/etc/cas/config/log4j2.xml

cas.authn.accept.enabled=false

### Disable local accounts

cas.authn.accept.users=
### LDAP connection
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].useSsl=false

### Credential to connect to LDAP
cas.authn.ldap[0].ldapUrl=ldap://192.168.143.200:389
cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
cas.authn.ldap[0].bindCredential=xxxxxxxx


cas.authn.ldap[0].baseDn=ou=people,dc=example,dc=com
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=supannAliasLogin={%s}
# possibly optional
cas.authn.ldap[0].principalAttributeId=supannAliasLogin

cas.serviceRegistry.json.location: file:/etc/cas/services


please if someone can help me?
--------------------

--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to a topic in the Google 
Groups "CAS Community" group.
To unsubscribe from this topic, visit 
https://groups.google.com/a/apereo.org/d/topic/cas-user/j-xKydm0vI8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to 
[email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/375c36d83561da185d101fe03b2b5f55873d327d.camel%40uvic.ca.
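
Added example (not part of the original thread and not CAS code): the reply at the top of this thread makes two points about cas.authn.ldap[0].searchFilter, the placeholder syntax and an attribute that is missing from the directory entry. The Python sketch below checks both against a constructed, trimmed copy of the quoted ldapsearch entry and lists which attributes actually hold the login name; parse_ldif_entry and check_search_filter are hypothetical helper names.

```python
import base64
import re

# Constructed sample: trimmed copy of the ldapsearch entry quoted in the thread.
SAMPLE_LDIF = """\
dn: cn=testuser,ou=people,dc=example,dc=com
cn: testuser
givenName: testuser
mail:
objectClass: supannPerson
sn: testuser
supannEmpId: 1001
uid: testuser
"""

def parse_ldif_entry(text):
    """Return {attribute: [non-empty values]} for a single LDIF entry."""
    attrs = {}
    text = re.sub(r"\n ", "", text)  # unfold wrapped lines (RFC 2849)
    for line in text.splitlines():
        m = re.match(r"([A-Za-z][\w;.-]*)(::?)\s*(.*)$", line)
        if not m:
            continue  # comment or blank line
        name, sep, value = m.groups()
        if sep == "::":  # "::" marks a base64-encoded value
            value = base64.b64decode(value).decode("utf-8", "replace")
        if value:
            attrs.setdefault(name, []).append(value)
    return attrs

def check_search_filter(search_filter, ldif_text, username):
    """Hypothetical helper: return (findings, attributes that equal username)."""
    m = re.fullmatch(r"\(?\s*([\w;.-]+)\s*=\s*(.*?)\s*\)?", search_filter.strip())
    if not m:
        return ["filter is not a simple attr=value expression"], []
    attr, placeholder = m.groups()
    findings = []
    if placeholder != "{user}":
        findings.append(f"placeholder {placeholder} should be {{user}}")
    entry = parse_ldif_entry(ldif_text)
    values = {k.lower(): v for k, v in entry.items()}.get(attr.lower())
    if values is None:
        findings.append(f"attribute {attr} has no value in the entry")
    elif username not in values:
        findings.append(f"{attr} never equals {username}")
    candidates = sorted(a for a, v in entry.items() if username in v)
    return findings, candidates

if __name__ == "__main__":
    print(check_search_filter("supannAliasLogin={%s}", SAMPLE_LDIF, "testuser"))
```

Run against the entry of an account that fails to log in, the candidates list shows which attributes a filter could match on before the CAS properties are changed.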