I have scheme and port, same as you. I do not have use-start-tls nor use-ssl (which only shows up in cas code for some databases and caches).
You may not need those settings. Ray On Thu, 2022-11-17 at 07:16 -0800, BenDDD wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi Ray, I have already looked at the settings available via the "./gradlew exportConfigMetadata" command and the only one that might match would be "cas.authn.ldap[].use-start-tls:": grep cas.authn.ldap /opt/cas-overlay-template/config-metadata.properties | grep ssl no results grep cas.authn.ldap /opt/cas-overlay-template/config-metadata.properties | grep tls # cas.authn.ldap[].use-start-tls: But if I enable it, the service does not no longer starts: [2022-11-17 16:01:49] [info] #033[1;31m2022-11-17 16:01:49,819 ERROR [org.ldaptive.transport.netty.NettyConnection] - <Connection open failed for org.ldaptive.transport.netty.NettyConnection@1210233213::ldapUrl=[org.ldaptive.LdapURL@-650620971::scheme=ldaps, hostname=dc1.lan.esiee.fr, port=636, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=null, connectionConfig=[org.ldaptive.ConnectionConfig@435906735::ldapUrl=ldaps://dc1.lan.esiee.fr:636, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$3019/0x000000084142b040@4a912cfa, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1909400171::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@51b23e6e, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=true, connectionInitializers=[org.ldaptive.BindConnectionInitializer@171193219::bindDn=cn=LDAP,ou=comptes_services,ou=utilisateurs,dc=lan,dc=esiee,dc=fr, bindSaslConfig=null, bindControls=null], connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@323918567::ldapURLSet=[org.ldaptive.LdapURLSet@1350275720::active=[], inactive=[[org.ldaptive.LdapURL@-650620971::scheme=ldaps, hostname=dc1.lan.esiee.fr, port=636, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$3026/0x0000000841458440@182e3aa3, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$3022/0x000000084142ac40@7fd002e3, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0x73272efc, L:/147.215.150.77:60890 - R:dc1.lan.esiee.fr/147.215.1.111:636]>#033[m [2022-11-17 16:01:49] [info] org.ldaptive.ConnectException: SslHandler is already in use [2022-11-17 16:01:49] [info] #011at org.ldaptive.transport.netty.NettyConnection.operation(NettyConnection.java:530) ~[ldaptive-2.1.1.jar:?] [2022-11-17 16:01:49] [info] #011at org.ldaptive.transport.netty.NettyConnection.open(NettyConnection.java:301) ~[ldaptive-2.1.1.jar:?] [2022-11-17 16:01:49] [info] #011at org.ldaptive.transport.netty.NettyConnection.test(NettyConnection.java:264) ~[ldaptive-2.1.1.jar:?] [2022-11-17 16:01:49] [info] #011at org.ldaptive.LdapURLActivatorService.testInactiveUrls(LdapURLActivatorService.java:107) ~[ldaptive-2.1.1.jar:?] Le mercredi 16 novembre 2022 à 21:34:28 UTC+1, Ray Bon a écrit : I do not see it in the properties manifest. ./gradlew exportConfigMetadata will output all cas properties to a file. ./gradlew tasks will show other commands that can be helpful. Ray On Wed, 2022-11-16 at 11:35 -0800, BenDDD wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi Ray, Thank you for your answer. My bad, i commented out the two settings again to copy the logs and the service started fine. Does disabling the "cas.authn.ldap[0].usessl = true" setting disable encryption? Le mercredi 16 novembre 2022 à 18:47:00 UTC+1, Ray Bon a écrit : What is the error message when that property is commented out? Ray On Wed, 2022-11-16 at 08:39 -0800, BenDDD wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi everyone, Our CAS service is running but the logs show a message about LDAP settings: [2022-11-16 17:12:54] [info] Failed to bind properties under 'cas' to org.apereo.cas.configuration.CasConfigurationProperties [2022-11-16 17:12:54] [info] #011cas.authn.ldap[0].providerclass = org.ldaptive.provider.unboundid.UnboundIDProvider (Origin: "cas.authn.ldap[0].providerClass" from property source "bootstrapProperties-casCompositePropertySource") [2022-11-16 17:12:54] [info] #011cas.authn.ldap[0].usessl = true (Origin: "cas.authn.ldap[0].useSsl" from property source "bootstrapProperties-casCompositePropertySource") [2022-11-16 17:12:54] [info] Listed settings above are no longer recognized by CAS 6.6.2. They may have been renamed, removed, or relocated to a new namespace in the CAS configuration schema. CAS will ignore such settings to proceed with its normal initialization sequence. Please consult the CAS documentation to review and adjust each setting to find an alternative or remove the definition from the property source. Failure to do so puts the server stability in danger and complicates future upgrades. It is specified that these settings are ignored but if I comment out the line "cas.authn.ldap\[0\].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider" in cas.properties, the service no longer starts. I did not find in the documentation information concerning a removal, or a renaming of this settings in an earlier version. Does anyone know what the correct settings to use? Thanks in advance. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/958fdd8026f33a520f7e232718d623e7706ae8a9.camel%40uvic.ca.