Hi Ray,
I have already looked at the settings available via the "./gradlew
exportConfigMetadata" command and the only one that might match would be
"cas.authn.ldap[].use-start-tls:":

grep cas.authn.ldap /opt/cas-overlay-template/config-metadata.properties | grep ssl
no results

grep cas.authn.ldap /opt/cas-overlay-template/config-metadata.properties | grep tls
# cas.authn.ldap[].use-start-tls:

But if I enable it, the service no longer starts:
[2022-11-17 16:01:49] [info] #033[1;31m2022-11-17 16:01:49,819 ERROR
[org.ldaptive.transport.netty.NettyConnection] - <Connection open failed
for
org.ldaptive.transport.netty.NettyConnection@1210233213::ldapUrl=[org.ldaptive.LdapURL@-650620971::scheme=ldaps,
hostname=dc1.lan.esiee.fr, port=636, baseDn=null, attributes=null,
scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=null,
connectionConfig=[org.ldaptive.ConnectionConfig@435906735::ldapUrl=ldaps://dc1.lan.esiee.fr:636,
connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M,
autoReconnect=true,
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$3019/0x000000084142b040@4a912cfa,
autoReplay=true,
sslConfig=[org.ldaptive.ssl.SslConfig@1909400171::credentialConfig=null,
trustManagers=null,
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@51b23e6e,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=true,
connectionInitializers=[org.ldaptive.BindConnectionInitializer@171193219::bindDn=cn=LDAP,ou=comptes_services,ou=utilisateurs,dc=lan,dc=esiee,dc=fr,
bindSaslConfig=null, bindControls=null],
connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@323918567::ldapURLSet=[org.ldaptive.LdapURLSet@1350275720::active=[],
inactive=[[org.ldaptive.LdapURL@-650620971::scheme=ldaps,
hostname=dc1.lan.esiee.fr, port=636, baseDn=null, attributes=null,
scope=null, filter=null, inetAddress=null]]],
activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$3026/0x0000000841458440@182e3aa3,
retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$3022/0x000000084142ac40@7fd002e3,
initialized=true], connectionValidator=null, transportOptions={}],
channel=[id: 0x73272efc, L:/147.215.150.77:60890 -
R:dc1.lan.esiee.fr/147.215.1.111:636]>#033[m
[2022-11-17 16:01:49] [info] org.ldaptive.ConnectException: SslHandler is
already in use
[2022-11-17 16:01:49] [info] #011at
org.ldaptive.transport.netty.NettyConnection.operation(NettyConnection.java:530)
~[ldaptive-2.1.1.jar:?]
[2022-11-17 16:01:49] [info] #011at
org.ldaptive.transport.netty.NettyConnection.open(NettyConnection.java:301)
~[ldaptive-2.1.1.jar:?]
[2022-11-17 16:01:49] [info] #011at
org.ldaptive.transport.netty.NettyConnection.test(NettyConnection.java:264)
~[ldaptive-2.1.1.jar:?]
[2022-11-17 16:01:49] [info] #011at
org.ldaptive.LdapURLActivatorService.testInactiveUrls(LdapURLActivatorService.java:107)
~[ldaptive-2.1.1.jar:?]
On Wednesday, November 16, 2022 at 21:34:28 UTC+1, Ray Bon wrote:
> I do not see it in the properties manifest.
>
> ./gradlew exportConfigMetadata
>
> will output all cas properties to a file.
>
> ./gradlew tasks
>
> will show other commands that can be helpful.
>
> Ray
>
> On Wed, 2022-11-16 at 11:35 -0800, BenDDD wrote:
>
> Hi Ray,
>
> Thank you for your answer.
>
> My bad, I commented out the two settings again to copy the logs and the
> service started fine.
>
> Does disabling the "cas.authn.ldap[0].usessl = true" setting disable
> encryption?
>
> On Wednesday, November 16, 2022 at 18:47:00 UTC+1, Ray Bon wrote:
>
> What is the error message when that property is commented out?
>
> Ray
>
> On Wed, 2022-11-16 at 08:39 -0800, BenDDD wrote:
>
> Hi everyone,
>
> Our CAS service is running but the logs show a message about LDAP settings:
>
> [2022-11-16 17:12:54] [info] Failed to bind properties under 'cas' to
> org.apereo.cas.configuration.CasConfigurationProperties
> [2022-11-16 17:12:54] [info] #011cas.authn.ldap[0].providerclass =
> org.ldaptive.provider.unboundid.UnboundIDProvider (Origin:
> "cas.authn.ldap[0].providerClass" from property source
> "bootstrapProperties-casCompositePropertySource")
> [2022-11-16 17:12:54] [info] #011cas.authn.ldap[0].usessl = true (Origin:
> "cas.authn.ldap[0].useSsl" from property source
> "bootstrapProperties-casCompositePropertySource")
> [2022-11-16 17:12:54] [info] Listed settings above are no longer
> recognized by CAS 6.6.2. They may have been renamed, removed, or relocated
> to a new namespace in the CAS configuration schema. CAS will ignore such
> settings to proceed with its normal initialization sequence. Please consult
> the CAS documentation to review and adjust each setting to find an
> alternative or remove the definition from the property source. Failure to
> do so puts the server stability in danger and complicates future upgrades.
>
> It is specified that these settings are ignored but if I comment out the
> line
> "cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider"
>
> in cas.properties, the service no longer starts.
>
> I did not find in the documentation information concerning a removal, or a
> renaming of these settings in an earlier version.
>
> Does anyone know what the correct settings to use are?
>
> Thanks in advance.
>
>
>
>
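The connection dump in the latest message shows scheme=ldaps on port 636 together with useStartTLS=true, so TLS is requested twice on one connection. As an added example (not part of the thread and not CAS code), here is a small checker for a cas.properties file that flags that combination along with the two settings the 6.6.2 startup log reports as ignored; the `ldap-url` key name and the sample file are assumptions.

```python
import re

# Constructed sample resembling the cas.properties discussed in the thread.
# The ldap-url key name is an assumption; the other keys appear in the thread.
SAMPLE = r"""
cas.authn.ldap[0].ldap-url=ldaps://dc1.lan.esiee.fr:636
cas.authn.ldap[0].useSsl=true
cas.authn.ldap\[0\].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].use-start-tls=true
"""

# Settings the CAS 6.6.2 startup log in the thread lists as no longer recognized.
IGNORED = {"usessl", "providerclass"}
KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.([\w-]+)$")

def parse(text):
    """Return {index: {normalized-name: value}} for cas.authn.ldap[N].* lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        m = KEY.match(key.strip().replace("\\", ""))
        if m:
            # Relaxed binding: use-start-tls, useStartTls and usestarttls are one setting.
            name = m.group(2).replace("-", "").replace("_", "").lower()
            entries.setdefault(int(m.group(1)), {})[name] = value.strip()
    return entries

def lint(text):
    """Return a sorted list of (index, code) findings."""
    findings = []
    for idx, props in parse(text).items():
        urls = props.get("ldapurl", "").lower().split()
        starttls = props.get("usestarttls", "false").lower() == "true"
        findings += [(idx, "IGNORED:" + n) for n in props if n in IGNORED]
        if starttls and any(u.startswith("ldaps://") for u in urls):
            findings.append((idx, "STARTTLS_ON_LDAPS"))   # TLS requested twice
        if not starttls and any(u.startswith("ldap://") for u in urls):
            findings.append((idx, "CLEARTEXT_LDAP"))      # no TLS at all
    return sorted(findings)

if __name__ == "__main__":
    for idx, code in lint(SAMPLE):
        print(f"cas.authn.ldap[{idx}]: {code}")
```

Only `key=value` lines are parsed; a file that uses `:` or whitespace as the separator would need that added.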