I have scheme and port, same as you. I do not have use-start-tls nor use-ssl 
(which only shows up in cas code for some databases and caches).

You may not need those settings.

Ray

On Thu, 2022-11-17 at 07:16 -0800, BenDDD wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hi Ray,

I have already looked at the settings available via the "./gradlew 
exportConfigMetadata" command and the only one that might match would be 
"cas.authn.ldap[].use-start-tls:":

grep cas.authn.ldap /opt/cas-overlay-template/config-metadata.properties | grep ssl
no results

grep cas.authn.ldap /opt/cas-overlay-template/config-metadata.properties | grep tls
# cas.authn.ldap[].use-start-tls:

But if I enable it, the service no longer starts:

[2022-11-17 16:01:49] [info] #033[1;31m2022-11-17 16:01:49,819 ERROR 
[org.ldaptive.transport.netty.NettyConnection] - <Connection open failed for 
org.ldaptive.transport.netty.NettyConnection@1210233213::ldapUrl=[org.ldaptive.LdapURL@-650620971::scheme=ldaps,
 hostname=dc1.lan.esiee.fr, port=636, baseDn=null, attributes=null, scope=null, 
filter=null, inetAddress=null], isOpen=true, connectTime=null, 
connectionConfig=[org.ldaptive.ConnectionConfig@435906735::ldapUrl=ldaps://dc1.lan.esiee.fr:636,
 connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, 
autoReconnect=true, 
autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$3019/0x000000084142b040@4a912cfa,
 autoReplay=true, 
sslConfig=[org.ldaptive.ssl.SslConfig@1909400171::credentialConfig=null, 
trustManagers=null, 
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@51b23e6e, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=true, 
connectionInitializers=[org.ldaptive.BindConnectionInitializer@171193219::bindDn=cn=LDAP,ou=comptes_services,ou=utilisateurs,dc=lan,dc=esiee,dc=fr,
 bindSaslConfig=null, bindControls=null], 
connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@323918567::ldapURLSet=[org.ldaptive.LdapURLSet@1350275720::active=[],
 inactive=[[org.ldaptive.LdapURL@-650620971::scheme=ldaps, 
hostname=dc1.lan.esiee.fr, port=636, baseDn=null, attributes=null, scope=null, 
filter=null, inetAddress=null]]], 
activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$3026/0x0000000841458440@182e3aa3,
 
retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$3022/0x000000084142ac40@7fd002e3,
 initialized=true], connectionValidator=null, transportOptions={}], 
channel=[id: 0x73272efc, L:/147.215.150.77:60890 - 
R:dc1.lan.esiee.fr/147.215.1.111:636]>#033[m
[2022-11-17 16:01:49] [info] org.ldaptive.ConnectException: SslHandler is 
already in use
[2022-11-17 16:01:49] [info] #011at 
org.ldaptive.transport.netty.NettyConnection.operation(NettyConnection.java:530)
 ~[ldaptive-2.1.1.jar:?]
[2022-11-17 16:01:49] [info] #011at 
org.ldaptive.transport.netty.NettyConnection.open(NettyConnection.java:301) 
~[ldaptive-2.1.1.jar:?]
[2022-11-17 16:01:49] [info] #011at 
org.ldaptive.transport.netty.NettyConnection.test(NettyConnection.java:264) 
~[ldaptive-2.1.1.jar:?]
[2022-11-17 16:01:49] [info] #011at 
org.ldaptive.LdapURLActivatorService.testInactiveUrls(LdapURLActivatorService.java:107)
 ~[ldaptive-2.1.1.jar:?]

On Wednesday, 16 November 2022 at 21:34:28 UTC+1, Ray Bon wrote:
I do not see it in the properties manifest.

./gradlew exportConfigMetadata

will output all cas properties to a file.

./gradlew tasks

will show other commands that can be helpful.

Ray

On Wed, 2022-11-16 at 11:35 -0800, BenDDD wrote:

Hi Ray,

Thank you for your answer.

My bad, I commented out the two settings again to copy the logs and the service 
started fine.

Does disabling the "cas.authn.ldap[0].usessl = true" setting disable encryption?

On Wednesday, 16 November 2022 at 18:47:00 UTC+1, Ray Bon wrote:
What is the error message when that property is commented out?

Ray

On Wed, 2022-11-16 at 08:39 -0800, BenDDD wrote:

Hi everyone,

Our CAS service is running but the logs show a message about LDAP settings:

[2022-11-16 17:12:54] [info] Failed to bind properties under 'cas' to 
org.apereo.cas.configuration.CasConfigurationProperties
[2022-11-16 17:12:54] [info] #011cas.authn.ldap[0].providerclass = 
org.ldaptive.provider.unboundid.UnboundIDProvider (Origin: 
"cas.authn.ldap[0].providerClass" from property source 
"bootstrapProperties-casCompositePropertySource")
[2022-11-16 17:12:54] [info] #011cas.authn.ldap[0].usessl = true (Origin: 
"cas.authn.ldap[0].useSsl" from property source 
"bootstrapProperties-casCompositePropertySource")
[2022-11-16 17:12:54] [info] Listed settings above are no longer recognized by 
CAS 6.6.2. They may have been renamed, removed, or relocated to a new namespace 
in the CAS configuration schema. CAS will ignore such settings to proceed with 
its normal initialization sequence. Please consult the CAS documentation to 
review and adjust each setting to find an alternative or remove the definition 
from the property source. Failure to do so puts the server stability in danger 
and complicates future upgrades.

It is specified that these settings are ignored but if I comment out the line 
"cas.authn.ldap\[0\].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider"
 in cas.properties, the service no longer starts.

I did not find any information in the documentation concerning a removal or a 
renaming of these settings in an earlier version.

Does anyone know the correct settings to use?

Thanks in advance.





-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/958fdd8026f33a520f7e232718d623e7706ae8a9.camel%40uvic.ca.
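
An added example, not part of the original thread and not CAS code: a small Python audit of a `cas.properties` file for the two situations visible in the logs above, namely settings that CAS 6.6.2 reports as no longer recognized (`useSsl`, `providerClass`) and `use-start-tls` enabled on a connection whose URL already uses the `ldaps` scheme. The `ldap-url` key, the host names and the sample file contents are assumptions made for the example.

```python
import re

# Names the CAS 6.6.2 log in this thread reports as no longer recognized (normalized).
UNRECOGNIZED = {"usessl", "providerclass"}
# Matches cas.authn.ldap[0].name and the escaped form cas.authn.ldap\[0\].name
KEY_RE = re.compile(r"^cas\.authn\.ldap\\?\[(\d+)\\?\]\.([A-Za-z0-9-]+)$")

# Constructed sample; host names and the ldap-url key are assumptions.
SAMPLE = """\
cas.authn.ldap[0].ldap-url=ldaps://dc1.example.org:636
cas.authn.ldap[0].useSsl=true
cas.authn.ldap\\[0\\].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].use-start-tls=true
cas.authn.ldap[1].ldap-url=ldap://dc2.example.org:389
"""

def parse_properties(text):
    """Return {key: value} from key=value or key:value lines, skipping comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m and line[0] not in "#!":
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return (ldap index, finding, detail) tuples for one properties file."""
    findings, servers = [], {}
    for key, value in parse_properties(text).items():
        m = KEY_RE.match(key)
        if not m:
            continue
        idx, name = int(m.group(1)), m.group(2).replace("-", "").lower()
        servers.setdefault(idx, {})[name] = value
        if name in UNRECOGNIZED:
            findings.append((idx, "unrecognized", key))
    for idx, cfg in sorted(servers.items()):
        urls = cfg.get("ldapurl", "").lower().split()
        starttls = cfg.get("usestarttls", "false").lower() == "true"
        if starttls and any(u.startswith("ldaps://") for u in urls):
            # Same combination as the failing connection in the thread's log.
            findings.append((idx, "starttls-on-ldaps", " ".join(urls)))
        elif not starttls and any(u.startswith("ldap://") for u in urls):
            # Plain ldap:// without StartTLS sends the bind unencrypted.
            findings.append((idx, "cleartext", " ".join(urls)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```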