Re: [cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Ray Bon
I was not quite done the previous email.

cas.authn.ldap[0]...
cas.authn.ldap[1]...
etc.


Ray

On Tue, 2022-02-08 at 10:13 -0800, Michael Santangelo wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

I changed my config to:

cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Tech Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=

And now it's working for people in that OU... Time to see if I can expand it to 
the entire Staff OU...

On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo wrote:
Hello all,

Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP working.

I built an Ubuntu VM and did initial setup by doing:

  1.  git clone https://github.com/apereo/cas-overlay-template
  2.  I did some initial config changes in the cas.properties to get SSL up and 
running
  3.  Ran sudo ./gradlew clean copyCasConfiguration build run
  4.  I can login using the casuser and the default password as expected.  This 
part is all working fine.

So I tried adding LDAP support by:

  1.  Modify build.gradle by adding
implementation 
"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
to the dependencies section.
  2.  Modify cas.properties by adding:
# Disable casuser
cas.authn.accept.users=
# LDAP Servers Authenticated
cas.authn.ldap[0].ldapUrl=ldap://:389
#cas.authn.ldap[0].usessl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=
# LDAP Servers Authenticated

# Search For CAS User
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].subtreeSearch=true
#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
#cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
# Search for CAS User
  3.  Ran sudo ./gradlew clean copyCasConfiguration build run

The page loads as usual.  I am unable to login as casuser, which is expected.  
I cannot login with any domain credentials.

In the log I get an error:
2022-02-08 15:43:49,567 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 
].>

So I tried to verify that the server can connect via LDAP:

ldapsearch -H ldap://:389 -D "CN=cas bind,CN=Users,DC=..." -W 
samaccountname= -b "OU=Technology,OU=Staff,DC=..." -v

And I receive a valid result.

I'm not sure where the disconnect is, or what else I should search for.  Any 
tips or suggestions that you could provide would be helpful.

I'm attaching the output of Task :run.


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f58a9f3248ab49ae7a9afaddfa43d671f86b18d8.camel%40uvic.ca.


Re: [cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
The finalized working bit for Active Directory LDAP was:

# Working LDAP Auth
cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Staff,DC=...
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=
# Working LDAP Auth

:D

I even got Duo MFA working today. Thanks all!


On Tuesday, February 8, 2022 at 3:55:18 PM UTC-5 Felix Schumacher wrote:

> Are you sure, that you need to set dnFormat? If you have users in 
> different ou's, it will be difficult to use with a template as cn=%s,ou=... 
> and should not the dn be found by the searchFilter?
>
> Felix
> Am 08.02.22 um 19:13 schrieb Michael Santangelo:
>
> I changed my config to: 
>
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].name=Tech Active Directory
> cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].ldapUrl=ldap://:389
> cas.authn.ldap[0].validatePeriod=270
> cas.authn.ldap[0].poolPassivator=NONE
> cas.authn.ldap[0].searchFilter=sAMAccountName={user}
> cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
> cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
> cas.authn.ldap[0].bindCredential=
>
> And now it's working for people in that OU... Time to see if I can expand 
> it to the entire Staff OU... 
>
> On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo wrote:
>
>> Hello all, 
>>
>> Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP 
>> working.
>>
>> I built an Ubuntu VM and did initial setup by doing:
>>
>>1. git clone https://github.com/apereo/cas-overlay-template
>>2. I did some initial config changes in the cas.properties to get SSL 
>>up and running 
>>3. Ran sudo ./gradlew clean copyCasConfiguration build run 
>>4. I can login using the casuser and the default password as 
>>expected.  This part is all working fine. 
>>
>> So I tried adding LDAP support by:
>>
>>1. Modify build.gradle by adding 
>>implementation 
>>"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>>to the dependencies section. 
>>2. Modify cas.properties by adding:
>># Disable casuser
>>cas.authn.accept.users=
>># LDAP Servers Authenticated
>>cas.authn.ldap[0].ldapUrl=ldap://:389
>>#cas.authn.ldap[0].usessl=false
>>cas.authn.ldap[0].useStartTls=false
>>cas.authn.ldap[0].type=AUTHENTICATED
>>cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
>>cas.authn.ldap[0].bindCredential=
>># LDAP Servers Authenticated
>>
>># Search For CAS User
>>cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
>>cas.authn.ldap[0].subtreeSearch=true
>>#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
>>#cas.authn.ldap[0].searchFilter=uid={user}
>>cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
>>#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
>># Search for CAS User 
>>3. Ran sudo ./gradlew clean copyCasConfiguration build run 
>>
>> The page loads as usual.  I am unable to login as casuser, which is 
>> expected.  I cannot login with any domain credentials.
>>
>> In the log I get an error:
>> 2022-02-08 15:43:49,567 INFO 
>> [org.apereo.cas.authentication.DefaultAuthenticationManager] - 
>> <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn 
>> for ].>
>>
>> So I tried to verify that the server can connect via LDAP:
>>
>> ldapsearch -H ldap://:389 -D "CN=cas 
>> bind,CN=Users,DC=..." -W samaccountname= -b 
>> "OU=Technology,OU=Staff,DC=..." -v
>>
>> And I receive a valid result.
>>
>> I'm not sure where the disconnect is, or what else I should search for.  
>> Any tips or suggestions that you could provide would be helpful.
>>
>> I'm attaching the output of Task :run.
>>

Re: [cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Ray Bon
Michael,

To follow up on Felix's post.
You can create multiple ldap entries, one for each ou. CAS will search 
them in the order they are in your properties file.

Ray

On Tue, 2022-02-08 at 10:13 -0800, Michael Santangelo wrote:

I changed my config to:

cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Tech Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=

And now it's working for people in that OU... Time to see if I can expand it to 
the entire Staff OU...

On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo wrote:
Hello all,

Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP working.

I built an Ubuntu VM and did initial setup by doing:

  1.  git clone https://github.com/apereo/cas-overlay-template
  2.  I did some initial config changes in the cas.properties to get SSL up and 
running
  3.  Ran sudo ./gradlew clean copyCasConfiguration build run
  4.  I can login using the casuser and the default password as expected.  This 
part is all working fine.

So I tried adding LDAP support by:

  1.  Modify build.gradle by adding
implementation 
"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
to the dependencies section.
  2.  Modify cas.properties by adding:
# Disable casuser
cas.authn.accept.users=
# LDAP Servers Authenticated
cas.authn.ldap[0].ldapUrl=ldap://:389
#cas.authn.ldap[0].usessl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=
# LDAP Servers Authenticated

# Search For CAS User
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].subtreeSearch=true
#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
#cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
# Search for CAS User
  3.  Ran sudo ./gradlew clean copyCasConfiguration build run

The page loads as usual.  I am unable to login as casuser, which is expected.  
I cannot login with any domain credentials.

In the log I get an error:
2022-02-08 15:43:49,567 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 
].>

So I tried to verify that the server can connect via LDAP:

ldapsearch -H ldap://:389 -D "CN=cas bind,CN=Users,DC=..." -W 
samaccountname= -b "OU=Technology,OU=Staff,DC=..." -v

And I receive a valid result.

I'm not sure where the disconnect is, or what else I should search for.  Any 
tips or suggestions that you could provide would be helpful.

I'm attaching the output of Task :run.


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.



Re: [cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Felix Schumacher
I think you should use only one entry for "type". (Currently you will 
probably use AUTHENTICATED)


Felix

Am 08.02.22 um 22:07 schrieb Michael Santangelo:

The finalized working bit for Active Directory LDAP was:

# Working LDAP Auth
cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Staff,DC=...
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=
# Working LDAP Auth

:D

I even got Duo MFA working today. Thanks all!


On Tuesday, February 8, 2022 at 3:55:18 PM UTC-5 Felix Schumacher wrote:

Are you sure, that you need to set dnFormat? If you have users in
different ou's, it will be difficult to use with a template as
cn=%s,ou=... and should not the dn be found by the searchFilter?

Felix

Am 08.02.22 um 19:13 schrieb Michael Santangelo:

I changed my config to:

cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Tech Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=

And now it's working for people in that OU... Time to see if I
can expand it to the entire Staff OU...

On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael
Santangelo wrote:

Hello all,

Forgive me for this, I'm brand new to CAS and I'm trying to
get LDAP working.

I built an Ubuntu VM and did initial setup by doing:

 1. git clone https://github.com/apereo/cas-overlay-template
 2. I did some initial config changes in the cas.properties
to get SSL up and running
 3. Ran sudo ./gradlew clean copyCasConfiguration build run
 4. I can login using the casuser and the default password as
expected.  This part is all working fine.

So I tried adding LDAP support by:

 1. Modify build.gradle by adding
    implementation
"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
to the dependencies section.
 2. Modify cas.properties by adding:
# Disable casuser
cas.authn.accept.users=
# LDAP Servers Authenticated
cas.authn.ldap[0].ldapUrl=ldap://:389
#cas.authn.ldap[0].usessl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=
# LDAP Servers Authenticated

# Search For CAS User
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].subtreeSearch=true
#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
#cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
# Search for CAS User
 3. Ran sudo ./gradlew clean copyCasConfiguration build run

The page loads as usual.  I am unable to login as casuser,
which is expected.  I cannot login with any domain credentials.

In the log I get an error:
2022-02-08 15:43:49,567 INFO
[org.apereo.cas.authentication.DefaultAuthenticationManager]
- <[LdapAuthenticationHandler] exception details: [Unable to
resolve user dn for ].>

So I tried to verify that the server can connect via LDAP:

ldapsearch -H ldap://:389 -D "CN=cas
bind,CN=Users,DC=..." -W samaccountname= -b
"OU=Technology,OU=Staff,DC=..." -v

And I receive a valid result.

I'm not sure where the disconnect is, or what else I should
search for.  Any tips or suggestions that you could provide
would be helpful.

I'm attaching the output of Task :run.


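Added example (not part of the thread and not CAS code): a small Python check for three things visible in the configs above, namely the repeated `type` key Felix points out, the plain `ldap://` URL combined with `useStartTls=false`, and the filter attribute spelled `sAMAaccountName` in the first config but `sAMAccountName` in the working one. The sample properties, host name, DNs and the short attribute list are constructed assumptions; entries are grouped by `cas.authn.ldap[N]` index, so it also covers the multiple-entry layout Ray describes.

```python
import difflib
import re
from collections import defaultdict

# Constructed sample modelled on the configs in the thread. Host, DNs and the
# second entry are placeholders, not values from the thread.
SAMPLE = """\
# Working LDAP Auth
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://ad.example.org:389
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
cas.authn.ldap[0].baseDn=OU=Staff,DC=example,DC=org
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=example,DC=org
cas.authn.ldap[0].bindCredential=
cas.authn.ldap[1].type=AUTHENTICATED
cas.authn.ldap[1].ldapUrl=ldaps://ad.example.org:636
cas.authn.ldap[1].searchFilter=(&(objectClass=person)(sAMAccountName={user}))
"""

# Short illustrative attribute list (an assumption; extend it for your schema).
KNOWN_ATTRS = {a.lower(): a for a in (
    "sAMAccountName", "userPrincipalName", "uid", "cn", "mail",
    "objectClass", "objectCategory")}

# key, then '=' or ':', then value; lines starting with '#' or '!' are comments.
LINE = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:]\s*(.*?)\s*$")
LDAP_KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(.+)$")
# Attribute names sit at the start of a bare filter or right after '('.
FILTER_ATTR = re.compile(r"(?:^|\()\s*([A-Za-z][A-Za-z0-9;-]*)\s*[~<>]?=")


def parse(text):
    """Return {index: {property: [(line_no, value), ...]}} for cas.authn.ldap[N].* keys."""
    entries = defaultdict(lambda: defaultdict(list))
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            continue
        k = LDAP_KEY.match(m.group(1))
        if k:
            entries[int(k.group(1))][k.group(2)].append((no, m.group(2)))
    return entries


def lint(text):
    """Return (entry index, rule, detail) findings, entries in index order."""
    findings = []
    for idx, props in sorted(parse(text).items()):
        # java.util.Properties keeps the last value of a repeated key; assumed
        # here to match how cas.properties is loaded.
        for name, vals in props.items():
            if len(vals) > 1:
                where = ", ".join(str(no) for no, _ in vals)
                last = vals[-1][1]
                findings.append((idx, "duplicate-key",
                                 f"{name} set on lines {where}; last value {last!r} wins"))
        eff = {name: vals[-1][1] for name, vals in props.items()}
        # A missing useStartTls is treated as false (assumption).
        plain = eff.get("ldapUrl", "").lower().startswith("ldap://")
        if plain and eff.get("useStartTls", "false").lower() != "true":
            findings.append((idx, "cleartext-bind",
                             "ldap:// without StartTLS sends bind and user passwords unencrypted"))
        for attr in FILTER_ATTR.findall(eff.get("searchFilter", "")):
            if attr.lower() in KNOWN_ATTRS:
                continue
            close = difflib.get_close_matches(attr.lower(), list(KNOWN_ATTRS), n=1, cutoff=0.8)
            if close:  # unknown names with no near match are left alone
                suggestion = KNOWN_ATTRS[close[0]]
                findings.append((idx, "filter-attribute",
                                 f"{attr} is not a known attribute; did you mean {suggestion}?"))
    return findings


if __name__ == "__main__":
    for idx, rule, detail in lint(SAMPLE):
        print(f"ldap[{idx}] {rule}: {detail}")
```
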
[cas-user] SAML payload larger than expected (mod_auth_cas and proxy_fcgi)

2022-02-08 Thread Alan S
I don't believe this is an issue with mod_auth_cas, but I could use some 
direction. 

A user with a large SAML memberships payload is not passing authentication 
due to the length:

[proxy_fcgi:warn] [pid 750194] [client xxx.xxx.xxx.xxx:57500] AH02536: 
couldn't encode envvar 'HTTP_SAML_MEMBEROF' in 16384 bytes

The total memberof attributes size is ~30 bytes, but I'm not sure where to 
increase this limit in the FCGI proxy module, or if, indeed, this is a good 
idea. For reference:

https://sources.debian.org/src/apache2/2.4.10-10+deb8u12/modules/proxy/mod_proxy_fcgi.c/#L237

Has anyone else experienced this that could provide some pointers?

Thank you!
-Alan



Re: [cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Felix Schumacher
Are you sure that you need to set dnFormat? If you have users in 
different ou's, it will be difficult to use with a template such as 
cn=%s,ou=... and should not the dn be found by the searchFilter?


Felix

Am 08.02.22 um 19:13 schrieb Michael Santangelo:

I changed my config to:

cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Tech Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=

And now it's working for people in that OU... Time to see if I can 
expand it to the entire Staff OU...


On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo 
wrote:


Hello all,

Forgive me for this, I'm brand new to CAS and I'm trying to get
LDAP working.

I built an Ubuntu VM and did initial setup by doing:

 1. git clone https://github.com/apereo/cas-overlay-template
 2. I did some initial config changes in the cas.properties to get
SSL up and running
 3. Ran sudo ./gradlew clean copyCasConfiguration build run
 4. I can login using the casuser and the default password as
expected.  This part is all working fine.

So I tried adding LDAP support by:

 1. Modify build.gradle by adding
    implementation
"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
to the dependencies section.
 2. Modify cas.properties by adding:
# Disable casuser
cas.authn.accept.users=
# LDAP Servers Authenticated
cas.authn.ldap[0].ldapUrl=ldap://:389
#cas.authn.ldap[0].usessl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=
# LDAP Servers Authenticated

# Search For CAS User
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].subtreeSearch=true
#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
#cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
# Search for CAS User
 3. Ran sudo ./gradlew clean copyCasConfiguration build run

The page loads as usual.  I am unable to login as casuser, which
is expected.  I cannot login with any domain credentials.

In the log I get an error:
2022-02-08 15:43:49,567 INFO
[org.apereo.cas.authentication.DefaultAuthenticationManager] -
<[LdapAuthenticationHandler] exception details: [Unable to resolve
user dn for ].>

So I tried to verify that the server can connect via LDAP:

ldapsearch -H ldap://:389 -D "CN=cas
bind,CN=Users,DC=..." -W samaccountname= -b
"OU=Technology,OU=Staff,DC=..." -v

And I receive a valid result.

I'm not sure where the disconnect is, or what else I should search
for.  Any tips or suggestions that you could provide would be helpful.

I'm attaching the output of Task :run.


[cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Pablo Vidaurri
Are you modifying the cas.properties created in /etc/cas or the one in your 
project folder? I don't think you want to do a copyCasConfiguration on 
each run as it will overwrite the cas.properties file in your /etc/cas folder.

Anyhow, my config looks similar to yours. One thing I did run into a problem 
with is the password policy. If you don't plan on managing passwords via 
CAS then also use this setting:
cas.authn.ldap[0].passwordPolicy.enabled:   false

On Tuesday, February 8, 2022 at 10:03:31 AM UTC-6 michael.s...@gmail.com 
wrote:

> Hello all,
>
> Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP 
> working.
>
> I built an Ubuntu VM and did initial setup by doing:
>
>1. git clone https://github.com/apereo/cas-overlay-template
>2. I did some initial config changes in the cas.properties to get SSL 
>up and running
>3. Ran sudo ./gradlew clean copyCasConfiguration build run
>4. I can login using the casuser and the default password as 
>expected.  This part is all working fine.
>
> So I tried adding LDAP support by:
>
>1. Modify build.gradle by adding 
>implementation 
>"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>to the dependencies section.
>2. Modify cas.properties by adding:
># Disable casuser
>cas.authn.accept.users=
># LDAP Servers Authenticated
>cas.authn.ldap[0].ldapUrl=ldap://:389
>#cas.authn.ldap[0].usessl=false
>cas.authn.ldap[0].useStartTls=false
>cas.authn.ldap[0].type=AUTHENTICATED
>cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
>cas.authn.ldap[0].bindCredential=
># LDAP Servers Authenticated
>
># Search For CAS User
>cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
>cas.authn.ldap[0].subtreeSearch=true
>#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
>#cas.authn.ldap[0].searchFilter=uid={user}
>cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
>#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
># Search for CAS User
>3. Ran sudo ./gradlew clean copyCasConfiguration build run
>
> The page loads as usual.  I am unable to login as casuser, which is 
> expected.  I cannot login with any domain credentials.
>
> In the log I get an error:
> 2022-02-08 15:43:49,567 INFO 
> [org.apereo.cas.authentication.DefaultAuthenticationManager] - 
> <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn 
> for ].>
>
> So I tried to verify that the server can connect via LDAP:
>
> ldapsearch -H ldap://:389 -D "CN=cas bind,CN=Users,DC=..." 
> -W samaccountname= -b "OU=Technology,OU=Staff,DC=..." -v
>
> And I receive a valid result.
>
> I'm not sure where the disconnect is, or what else I should search for.  
> Any tips or suggestions that you could provide would be helpful.
>
> I'm attaching the output of Task :run.
>



[cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
I changed my config to:

cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Tech Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=

And now it's working for people in that OU... Time to see if I can expand 
it to the entire Staff OU... 

On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo wrote:

> Hello all,
>
> Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP 
> working.
>
> I built an Ubuntu VM and did initial setup by doing:
>
>1. git clone https://github.com/apereo/cas-overlay-template
>2. I did some initial config changes in the cas.properties to get SSL 
>up and running
>3. Ran sudo ./gradlew clean copyCasConfiguration build run
>4. I can login using the casuser and the default password as 
>expected.  This part is all working fine.
>
> So I tried adding LDAP support by:
>
>1. Modify build.gradle by adding 
>implementation 
>"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>to the dependencies section.
>2. Modify cas.properties by adding:
># Disable casuser
>cas.authn.accept.users=
># LDAP Servers Authenticated
>cas.authn.ldap[0].ldapUrl=ldap://:389
>#cas.authn.ldap[0].usessl=false
>cas.authn.ldap[0].useStartTls=false
>cas.authn.ldap[0].type=AUTHENTICATED
>cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
>cas.authn.ldap[0].bindCredential=
># LDAP Servers Authenticated
>
># Search For CAS User
>cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
>cas.authn.ldap[0].subtreeSearch=true
>#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
>#cas.authn.ldap[0].searchFilter=uid={user}
>cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
>#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
># Search for CAS User
>3. Ran sudo ./gradlew clean copyCasConfiguration build run
>
> The page loads as usual.  I am unable to login as casuser, which is 
> expected.  I cannot login with any domain credentials.
>
> In the log I get an error:
> 2022-02-08 15:43:49,567 INFO 
> [org.apereo.cas.authentication.DefaultAuthenticationManager] - 
> <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn 
> for ].>
>
> So I tried to verify that the server can connect via LDAP:
>
> ldapsearch -H ldap://:389 -D "CN=cas bind,CN=Users,DC=..." 
> -W samaccountname= -b "OU=Technology,OU=Staff,DC=..." -v
>
> And I receive a valid result.
>
> I'm not sure where the disconnect is, or what else I should search for.  
> Any tips or suggestions that you could provide would be helpful.
>
> I'm attaching the output of Task :run.
>



Re: [cas-user] CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
I can see the bind hit the LDAP server but no other requests seem to make 
it there.

I'll check Wireshark and make sure the requests are being sent, then will 
check back.

On Tuesday, February 8, 2022 at 12:08:36 PM UTC-5 Ray Bon wrote:

> Michael,
>
> What do the ldap logs show?
>
> Ray
>
> On Tue, 2022-02-08 at 08:00 -0800, Michael Santangelo wrote:
>
>
> Hello all, 
>
> Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP 
> working.
>
> I built an Ubuntu VM and did initial setup by doing:
>
>1. git clone https://github.com/apereo/cas-overlay-template
>2. I did some initial config changes in the cas.properties to get SSL 
>up and running
>3. Ran sudo ./gradlew clean copyCasConfiguration build run
>4. I can login using the casuser and the default password as 
>expected.  This part is all working fine.
>
> So I tried adding LDAP support by:
>
>1. Modify build.gradle by adding 
>implementation 
>"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>to the dependencies section.
>2. Modify cas.properties by adding:
># Disable casuser
>cas.authn.accept.users=
># LDAP Servers Authenticated
>cas.authn.ldap[0].ldapUrl=ldap://:389
>#cas.authn.ldap[0].usessl=false
>cas.authn.ldap[0].useStartTls=false
>cas.authn.ldap[0].type=AUTHENTICATED
>cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
>cas.authn.ldap[0].bindCredential=
># LDAP Servers Authenticated
>
># Search For CAS User
>cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
>cas.authn.ldap[0].subtreeSearch=true
>#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
>#cas.authn.ldap[0].searchFilter=uid={user}
>cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
>#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
># Search for CAS User
>3. Ran sudo ./gradlew clean copyCasConfiguration build run
>
> The page loads as usual.  I am unable to login as casuser, which is 
> expected.  I cannot login with any domain credentials.
>
> In the log I get an error:
> 2022-02-08 15:43:49,567 INFO 
> [org.apereo.cas.authentication.DefaultAuthenticationManager] - 
> <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn 
> for ].>
>
> So I tried to verify that the server can connect via LDAP:
>
> ldapsearch -H ldap://:389 -D "CN=cas bind,CN=Users,DC=..." 
> -W samaccountname= -b "OU=Technology,OU=Staff,DC=..." -v
>
> And I receive a valid result.
>
> I'm not sure where the disconnect is, or what else I should search for.  
> Any tips or suggestions that you could provide would be helpful.
>
> I'm attaching the output of Task :run.
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca
>
> I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional 
> territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ 
> peoples whose historical relationships with the land continue to this day.
>



[cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
I am modifying the project file, not the file in the local /etc
folder.  The full path is
/home//cas-management-overlay/etc/cas/config/cas.properties

On Tue, Feb 8, 2022 at 12:38 PM Pablo Vidaurri  wrote:

> Are you modifying the cas.properties created in /etc/cas or the one in
> your project folder? I don't think you want to do a
> copyCasConfiguration on each run as it will overwrite the cas.properties
> file in your /etc/cas folder
>
> Anyhow, my config looks similar to yours. One thing I did run into a problem
> with is the password policy. If you don't plan on managing passwords via
> CAS then also use this setting:
> cas.authn.ldap[0].passwordPolicy.enabled:   false
>
> On Tuesday, February 8, 2022 at 10:03:31 AM UTC-6 michael.s...@gmail.com
> wrote:
>
>> Hello all,
>>
>> Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP
>> working.
>>
>> I built an Ubuntu VM and did initial setup by doing:
>>
>>1. git clone https://github.com/apereo/cas-overlay-template
>>2. I did some initial config changes in the cas.properties to get SSL
>>up and running
>>3. Ran sudo ./gradlew clean copyCasConfiguration build run
>>4. I can login using the casuser and the default password as
>>expected.  This part is all working fine.
>>
>> So I tried adding LDAP support by:
>>
>>1. Modify build.gradle by adding
>>implementation
>>"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>>to the dependencies section.
>>2. Modify cas.properties by adding:
>># Disable casuser
>>cas.authn.accept.users=
>># LDAP Servers Authenticated
>>cas.authn.ldap[0].ldapUrl=ldap://:389
>>#cas.authn.ldap[0].usessl=false
>>cas.authn.ldap[0].useStartTls=false
>>cas.authn.ldap[0].type=AUTHENTICATED
>>cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
>>cas.authn.ldap[0].bindCredential=
>># LDAP Servers Authenticated
>>
>># Search For CAS User
>>cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
>>cas.authn.ldap[0].subtreeSearch=true
>>#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
>>#cas.authn.ldap[0].searchFilter=uid={user}
>>cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
>>#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
>># Search for CAS User
>>3. Ran sudo ./gradlew clean copyCasConfiguration build run
>>
>> The page loads as usual.  I am unable to login as casuser, which is
>> expected.  I cannot login with any domain credentials.
>>
>> In the log I get an error:
>> 2022-02-08 15:43:49,567 INFO
>> [org.apereo.cas.authentication.DefaultAuthenticationManager] -
>> <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn
>> for ].>
>>
>> So I tried to verify that the server can connect via LDAP:
>>
>> ldapsearch -H ldap://:389 -D "CN=cas
>> bind,CN=Users,DC=..." -W samaccountname= -b
>> "OU=Technology,OU=Staff,DC=..." -v
>>
>> And I receive a valid result.
>>
>> I'm not sure where the disconnect is, or what else I should search for.
>> Any tips or suggestions that you could provide would be helpful.
>>
>> I'm attaching the output of Task :run.
>>
>

-- 
: Michael A. Santangelo
:: Owner, https://talesofatech.com
:: Primary: (908) 285-8760
:: Rutgers University, Class of 2007 & 2011
 B.A. in Mathematics
 B.S. in Information Technology



Re: [cas-user] CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Ray Bon
Michael,

What do the ldap logs show?

Ray

On Tue, 2022-02-08 at 08:00 -0800, Michael Santangelo wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hello all,

Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP working.

I built an Ubuntu VM and did initial setup by doing:

  1.  git clone https://github.com/apereo/cas-overlay-template
  2.  I did some initial config changes in the cas.properties to get SSL up and 
running
  3.  Ran sudo ./gradlew clean copyCasConfiguration build run
  4.  I can login using the casuser and the default password as expected.  This 
part is all working fine.

So I tried adding LDAP support by:

  1.  Modify build.gradle by adding
implementation 
"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
to the dependencies section.
  2.  Modify cas.properties by adding:
# Disable casuser
cas.authn.accept.users=
# LDAP Servers Authenticated
cas.authn.ldap[0].ldapUrl=ldap://:389
#cas.authn.ldap[0].usessl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=
# LDAP Servers Authenticated

# Search For CAS User
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].subtreeSearch=true
#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
#cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
# Search for CAS User
  3.  Ran sudo ./gradlew clean copyCasConfiguration build run

The page loads as usual.  I am unable to login as casuser, which is expected.  
I cannot login with any domain credentials.

In the log I get an error:
2022-02-08 15:43:49,567 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 
].>

So I tried to verify that the server can connect via LDAP:

ldapsearch -H ldap://:389 -D "CN=cas bind,CN=Users,DC=..." -W 
samaccountname= -b "OU=Technology,OU=Staff,DC=..." -v

And I receive a valid result.

I'm not sure where the disconnect is, or what else I should search for.  Any 
tips or suggestions that you could provide would be helpful.

I'm attaching the output of Task :run.

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.



Re: [cas-user] CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
That's a typo artifact.  

It should be:

cas.authn.ldap[0].searchFilter=sAMAccountName={user}

I disabled StartTLS because I wanted to make sure I could get it working 
before introducing any sort of TLS/SSL for LDAPS.  Getting the certificates 
to cooperate has proven to be difficult as I am new to working on these 
things.  Do you think it would make a difference?
On Tuesday, February 8, 2022 at 11:13:48 AM UTC-5 Felix Schumacher wrote:

>
> On 08.02.22 at 17:00, Michael Santangelo wrote:
>
> Hello all, 
>
> Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP 
> working.
>
> I built an Ubuntu VM and did initial setup by doing:
>
>1. git clone https://github.com/apereo/cas-overlay-template
>2. I did some initial config changes in the cas.properties to get SSL 
>up and running 
>3. Ran sudo ./gradlew clean copyCasConfiguration build run 
>4. I can login using the casuser and the default password as 
>expected.  This part is all working fine. 
>
> So I tried adding LDAP support by:
>
>1. Modify build.gradle by adding 
>implementation 
>"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>to the dependencies section. 
>2. Modify cas.properties by adding:
># Disable casuser
>cas.authn.accept.users=
># LDAP Servers Authenticated
>cas.authn.ldap[0].ldapUrl=ldap://:389
>#cas.authn.ldap[0].usessl=false
>cas.authn.ldap[0].useStartTls=false
>cas.authn.ldap[0].type=AUTHENTICATED
>cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
>cas.authn.ldap[0].bindCredential=
># LDAP Servers Authenticated
>
># Search For CAS User
>cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
>cas.authn.ldap[0].subtreeSearch=true
>#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
>#cas.authn.ldap[0].searchFilter=uid={user}
>cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
>
> Is this a typo on your config? You have two a's after the initial SAM.
>
> Felix
>
> PS. Why do you disable startTLS?
>
>
>1. #cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
># Search for CAS User 
>2. Ran sudo ./gradlew clean copyCasConfiguration build run 
>
> The page loads as usual.  I am unable to login as casuser, which is 
> expected.  I cannot login with any domain credentials.
>
> In the log I get an error:
> 2022-02-08 15:43:49,567 INFO 
> [org.apereo.cas.authentication.DefaultAuthenticationManager] - 
> <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn 
> for ].>
>
> So I tried to verify that the server can connect via LDAP:
>
> ldapsearch -H ldap://:389 -D "CN=cas 
> bind,CN=Users,DC=..." -W samaccountname= -b 
> "OU=Technology,OU=Staff,DC=..." -v
>
> And I receive a valid result.
>
> I'm not sure where the disconnect is, or what else I should search for.  
> Any tips or suggestions that you could provide would be helpful.
>
> I'm attaching the output of Task :run.
>
>
>



Re: [cas-user] CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Felix Schumacher


On 08.02.22 at 17:00, Michael Santangelo wrote:

> Hello all,
>
> Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP
> working.
>
> I built an Ubuntu VM and did initial setup by doing:
>
>  1. git clone https://github.com/apereo/cas-overlay-template
>  2. I did some initial config changes in the cas.properties to get SSL
>     up and running
>  3. Ran sudo ./gradlew clean copyCasConfiguration build run
>  4. I can login using the casuser and the default password as
>     expected.  This part is all working fine.
>
> So I tried adding LDAP support by:
>
>  1. Modify build.gradle by adding
>     implementation
>     "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>     to the dependencies section.
>  2. Modify cas.properties by adding:
>     # Disable casuser
>     cas.authn.accept.users=
>     # LDAP Servers Authenticated
>     cas.authn.ldap[0].ldapUrl=ldap://:389
>     #cas.authn.ldap[0].usessl=false
>     cas.authn.ldap[0].useStartTls=false
>     cas.authn.ldap[0].type=AUTHENTICATED
>     cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
>     cas.authn.ldap[0].bindCredential=
>     # LDAP Servers Authenticated
>
>     # Search For CAS User
>     cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
>     cas.authn.ldap[0].subtreeSearch=true
>     #cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
>     #cas.authn.ldap[0].searchFilter=uid={user}
>     cas.authn.ldap[0].searchFilter=sAMAaccountName={user}

Is this a typo on your config? You have two a's after the initial SAM.

Felix

PS. Why do you disable startTLS?

>     #cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
>     # Search for CAS User
>  3. Ran sudo ./gradlew clean copyCasConfiguration build run
>
> The page loads as usual.  I am unable to login as casuser, which is
> expected.  I cannot login with any domain credentials.
>
> In the log I get an error:
> 2022-02-08 15:43:49,567 INFO
> [org.apereo.cas.authentication.DefaultAuthenticationManager] -
> <[LdapAuthenticationHandler] exception details: [Unable to resolve
> user dn for ].>
>
> So I tried to verify that the server can connect via LDAP:
>
> ldapsearch -H ldap://:389 -D "CN=cas
> bind,CN=Users,DC=..." -W samaccountname= -b
> "OU=Technology,OU=Staff,DC=..." -v
>
> And I receive a valid result.
>
> I'm not sure where the disconnect is, or what else I should search
> for.  Any tips or suggestions that you could provide would be helpful.
>
> I'm attaching the output of Task :run.




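
A lint pass over the kind of cas.properties discussed in this thread, as an added example (not code from the CAS project or from any poster): it flags a key that is set twice, a search-filter attribute that is not in an allowlist (the sAMAaccountName typo raised above), and an ldap:// URL used without StartTLS. The host name, DNs, secret and the KNOWN_ATTRS allowlist are constructed for illustration.

```python
import difflib
import re

# Assumed allowlist of attributes a search filter may reference; replace it
# with the attributes your directory schema actually defines.
KNOWN_ATTRS = ["sAMAccountName", "userPrincipalName", "uid", "cn", "mail", "objectClass"]

LINE_RE = re.compile(r"^\s*([^=:\s]+)\s*[=:]\s*(.*?)\s*$")   # key=value or key: value
LDAP_KEY_RE = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(.+)$")
FILTER_ATTR_RE = re.compile(r"([A-Za-z][\w;-]*)\s*[~<>]?=")   # attribute names in a filter


def parse_properties(text):
    """Return (line_no, key, value) for every non-comment assignment."""
    entries = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "!")):
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append((no, m.group(1), m.group(2)))
    return entries


def lint_ldap(text):
    """Return (code, key, detail) findings for the cas.authn.ldap[n].* keys."""
    findings, handlers, first_seen = [], {}, {}
    for no, key, value in parse_properties(text):
        m = LDAP_KEY_RE.match(key)
        if not m:
            continue
        if key in first_seen:
            findings.append(("DUPLICATE_KEY", key,
                             f"set on lines {first_seen[key]} and {no}; only one value takes effect"))
        first_seen.setdefault(key, no)
        handlers.setdefault(int(m.group(1)), {})[m.group(2)] = value

    known = {a.lower(): a for a in KNOWN_ATTRS}   # LDAP attribute names are case-insensitive
    for idx, props in sorted(handlers.items()):
        prefix = f"cas.authn.ldap[{idx}]"
        for attr in FILTER_ATTR_RE.findall(props.get("searchFilter", "")):
            if attr.lower() not in known:
                guess = difflib.get_close_matches(attr.lower(), list(known), n=1)
                hint = f"; did you mean {known[guess[0]]}?" if guess else ""
                findings.append(("UNKNOWN_FILTER_ATTR", f"{prefix}.searchFilter", attr + hint))
        # Assumption: a missing useStartTls is treated as disabled.
        start_tls = props.get("useStartTls", "false").lower() == "true"
        if props.get("ldapUrl", "").lower().startswith("ldap://") and not start_tls:
            findings.append(("CLEARTEXT_BIND", f"{prefix}.ldapUrl",
                             "ldap:// without StartTLS sends bind passwords unencrypted"))
    return findings


# Constructed sample modelled on the configs quoted in the thread; the host,
# DNs and secret are placeholders.
SAMPLE = """\
# LDAP Servers Authenticated
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://ad.example.org:389
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=example,DC=org
cas.authn.ldap[0].bindCredential=placeholder-secret
cas.authn.ldap[0].baseDn=OU=Staff,DC=example,DC=org
#cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
"""

if __name__ == "__main__":
    for code, key, detail in lint_ldap(SAMPLE):
        print(f"{code:20} {key}: {detail}")
```

Running such a check before `./gradlew ... run` catches the misspelled attribute without a round trip through the CAS log, where it only shows up as "Unable to resolve user dn".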


[cas-user] CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
Hello all,

Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP 
working.

I built an Ubuntu VM and did initial setup by doing:

   1. git clone https://github.com/apereo/cas-overlay-template
   2. I did some initial config changes in the cas.properties to get SSL up 
   and running
   3. Ran sudo ./gradlew clean copyCasConfiguration build run
   4. I can login using the casuser and the default password as expected.  
   This part is all working fine.

So I tried adding LDAP support by:

   1. Modify build.gradle by adding 
   implementation 
   "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
   to the dependencies section.
   2. Modify cas.properties by adding:
   # Disable casuser
   cas.authn.accept.users=
   # LDAP Servers Authenticated
   cas.authn.ldap[0].ldapUrl=ldap://:389
   #cas.authn.ldap[0].usessl=false
   cas.authn.ldap[0].useStartTls=false
   cas.authn.ldap[0].type=AUTHENTICATED
   cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
   cas.authn.ldap[0].bindCredential=
   # LDAP Servers Authenticated
   
   # Search For CAS User
   cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
   cas.authn.ldap[0].subtreeSearch=true
   #cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
   #cas.authn.ldap[0].searchFilter=uid={user}
   cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
   #cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
   # Search for CAS User
   3. Ran sudo ./gradlew clean copyCasConfiguration build run

The page loads as usual.  I am unable to login as casuser, which is 
expected.  I cannot login with any domain credentials.

In the log I get an error:
2022-02-08 15:43:49,567 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn 
for ].>

So I tried to verify that the server can connect via LDAP:

ldapsearch -H ldap://:389 -D "CN=cas bind,CN=Users,DC=..." 
-W samaccountname= -b "OU=Technology,OU=Staff,DC=..." -v

And I receive a valid result.

I'm not sure where the disconnect is, or what else I should search for.  
Any tips or suggestions that you could provide would be helpful.

I'm attaching the output of Task :run.
