Hi Ray,
I have already looked at the settings available via the "./gradlew
exportConfigMetadata" command and the only one that might match would be
"cas.authn.ldap[].use-start-tls:":
grep cas.authn.ldap /opt/cas-overlay-template/config-metadata.properties |
grep ssl
no results
grep cas.authn.ldap /opt/cas-overlay-template/config-metadata.properties |
grep tls
# cas.authn.ldap[].use-start-tls:
But if I enable it, the service does not no longer starts:
[2022-11-17 16:01:49] [info] #033[1;31m2022-11-17 16:01:49,819 ERROR
[org.ldaptive.transport.netty.NettyConnection] - <Connection open failed
for
org.ldaptive.transport.netty.NettyConnection@1210233213::ldapUrl=[org.ldaptive.LdapURL@-650620971::scheme=ldaps,
hostname=dc1.lan.esiee.fr, port=636, baseDn=null, attributes=null,
scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=null,
connectionConfig=[org.ldaptive.ConnectionConfig@435906735::ldapUrl=ldaps://dc1.lan.esiee.fr:636,
connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M,
autoReconnect=true,
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$3019/0x000000084142b040@4a912cfa,
autoReplay=true,
sslConfig=[org.ldaptive.ssl.SslConfig@1909400171::credentialConfig=null,
trustManagers=null,
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@51b23e6e,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=true,
connectionInitializers=[org.ldaptive.BindConnectionInitializer@171193219::bindDn=cn=LDAP,ou=comptes_services,ou=utilisateurs,dc=lan,dc=esiee,dc=fr,
bindSaslConfig=null, bindControls=null],
connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@323918567::ldapURLSet=[org.ldaptive.LdapURLSet@1350275720::active=[],
inactive=[[org.ldaptive.LdapURL@-650620971::scheme=ldaps,
hostname=dc1.lan.esiee.fr, port=636, baseDn=null, attributes=null,
scope=null, filter=null, inetAddress=null]]],
activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$3026/0x0000000841458440@182e3aa3,
retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$3022/0x000000084142ac40@7fd002e3,
initialized=true], connectionValidator=null, transportOptions={}],
channel=[id: 0x73272efc, L:/147.215.150.77:60890 -
R:dc1.lan.esiee.fr/147.215.1.111:636]>#033[m
[2022-11-17 16:01:49] [info] org.ldaptive.ConnectException: SslHandler is
already in use
[2022-11-17 16:01:49] [info] #011at
org.ldaptive.transport.netty.NettyConnection.operation(NettyConnection.java:530)
~[ldaptive-2.1.1.jar:?]
[2022-11-17 16:01:49] [info] #011at
org.ldaptive.transport.netty.NettyConnection.open(NettyConnection.java:301)
~[ldaptive-2.1.1.jar:?]
[2022-11-17 16:01:49] [info] #011at
org.ldaptive.transport.netty.NettyConnection.test(NettyConnection.java:264)
~[ldaptive-2.1.1.jar:?]
[2022-11-17 16:01:49] [info] #011at
org.ldaptive.LdapURLActivatorService.testInactiveUrls(LdapURLActivatorService.java:107)
~[ldaptive-2.1.1.jar:?]
Le mercredi 16 novembre 2022 à 21:34:28 UTC+1, Ray Bon a écrit :
> I do not see it in the properties manifest.
>
> ./gradlew exportConfigMetadata
>
> will output all cas properties to a file.
>
> ./gradlew tasks
>
> will show other commands that can be helpful.
>
> Ray
>
> On Wed, 2022-11-16 at 11:35 -0800, BenDDD wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Hi Ray,
>
> Thank you for your answer.
>
> My bad, i commented out the two settings again to copy the logs and the
> service started fine.
>
> Does disabling the "cas.authn.ldap[0].usessl = true" setting disable
> encryption?
>
> Le mercredi 16 novembre 2022 à 18:47:00 UTC+1, Ray Bon a écrit :
>
> What is the error message when that property is commented out?
>
> Ray
>
> On Wed, 2022-11-16 at 08:39 -0800, BenDDD wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
>
> Hi everyone,
>
> Our CAS service is running but the logs show a message about LDAP settings:
>
> [2022-11-16 17:12:54] [info] Failed to bind properties under 'cas' to
> org.apereo.cas.configuration.CasConfigurationProperties
> [2022-11-16 17:12:54] [info] #011cas.authn.ldap[0].providerclass =
> org.ldaptive.provider.unboundid.UnboundIDProvider (Origin:
> "cas.authn.ldap[0].providerClass" from property source
> "bootstrapProperties-casCompositePropertySource")
> [2022-11-16 17:12:54] [info] #011cas.authn.ldap[0].usessl = true (Origin:
> "cas.authn.ldap[0].useSsl" from property source
> "bootstrapProperties-casCompositePropertySource")
> [2022-11-16 17:12:54] [info] Listed settings above are no longer
> recognized by CAS 6.6.2. They may have been renamed, removed, or relocated
> to a new namespace in the CAS configuration schema. CAS will ignore such
> settings to proceed with its normal initialization sequence. Please consult
> the CAS documentation to review and adjust each setting to find an
> alternative or remove the definition from the property source. Failure to
> do so puts the server stability in danger and complicates future upgrades.
>
> It is specified that these settings are ignored but if I comment out the
> line
> "cas.authn.ldap\[0\].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider"
>
> in cas.properties, the service no longer starts.
>
> I did not find in the documentation information concerning a removal, or a
> renaming of this settings in an earlier version.
>
> Does anyone know what the correct settings to use?
>
> Thanks in advance.
>
>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f0eed6c-7a65-46bf-b2a8-36cab18cfe64n%40apereo.org.
