In the latest version (5.0.5) the comma needs to be URL encoded, otherwise 
CAS assumes 'dc=com' to be a second server.

cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/dc=company%2Cdc=com
Took me a while to figure that out...
Note: I am only answering as this is the only place I found (i.e. top 
google results) with a complete CAS 5.0.X LDAP configuration.


On Tuesday, 11 October 2016 10:38:52 UTC+2, Erdal Gunyar wrote:
>
> I don't know where you got the path at the end of:
> cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/*dc=company,dc=com*
>
>
> But that saved me from hours of Google digging!
> Thanks a lot! :)
>
> Erdal.
>
>
> On Wednesday, 24 August 2016 08:02:23 UTC+2, Sascha Müller wrote:
>>
>> Ok. So here's a full rundown of what I've done so far including config 
>> files and log. Hope that helps.
>>
>> First of all I've cloned the repository of the CAS war overlay and 
>> switched to branch 5.0. Then I've generated a certificate (thekeystore) and 
>> put it into '/etc/cas/'. When I run cas, https seems to be working fine.
>> Next I changed the cas.properties to
>>
>>> cas.server.name=https://localhost:8443
>>> cas.server.prefix=https://localhost:8443/cas
>>>
>>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>> logging.config=file:/etc/cas/config/log4j2.xml
>>> # cas.serviceRegistry.config.location: classpath:/services
>>> cas.authn.accept.users=
>>>
>>> ### LDAP settings ###
>>> cas.authn.ldap[0].useSsl=false
>>> cas.authn.ldap[0].useStartTls=false
>>> cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/dc=company,dc=com
>>> cas.authn.ldap[0].dnFormat=uid=%s,ou=Users,dc=company,dc=com
>>> cas.authn.ldap[0].baseDn=dc=company,dc=com
>>> cas.authn.ldap[0].connectTimeout=5000
>>> cas.authn.ldap[0].principalAttributeId=uid
>>> cas.authn.ldap[0].principalAttributePassword=
>>> cas.authn.ldap[0].minPoolSize=3
>>> cas.authn.ldap[0].maxPoolSize=10
>>> cas.authn.ldap[0].validateOnCheckout=true
>>> cas.authn.ldap[0].validatePeriodically=true
>>> cas.authn.ldap[0].validatePeriod=600
>>> cas.authn.ldap[0].failFast=true
>>> cas.authn.ldap[0].idleTime=5000
>>> cas.authn.ldap[0].prunePeriod=5000
>>> cas.authn.ldap[0].blockWaitTime=5000
>>
>>  
>> I got assured by our systems department, that these settings should be 
>> ok. I did not touch 'application.yml' or any other file (except the 
>> pom.xml, which I attached alongside the cas.log).
>>
>> Now, when I run "./build.sh clean package" & "./build.sh run" the server 
>> starts up, but login fails with the message
>>
>>> 2016-08-24 07:47:01,453 WARN 
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>>> <Authentication has failed. Credentials may be incorrect or CAS cannot find 
>>> authentication handler that supports [sam] of type 
>>> [UsernamePasswordCredential], which suggests a configuration problem.>
>>>
>>
>> If you need anything else, please let me know.
>>
>> Thanks in advance.
>>
>>  
>>
>> On Wednesday, 24 August 2016 06:00:37 UTC+2, Misagh Moayyed wrote:
>>>
>>> Without knowing what you have so far, it’s very difficult to say. Either 
>>> you have misplaced the configuration, or you have misdefined the property 
>>> keys.
>>>
>>> -- 
>>> Misagh
>>>
>>> From: Sascha Müller <zasc...@gmail.com>
>>> Reply: Sascha Müller <zasc...@gmail.com>
>>> Date: August 23, 2016 at 7:59:31 AM
>>> To: CAS Community <cas...@apereo.org>
>>> Subject:  [cas-user] What are the exact steps to configure CAS 5.0.0 
>>> RC1 to use LDAP? 
>>>
>>> Hey everybody, 
>>>
>>> I tried to configure LDAP login through CAS 5.0.0 RC1 for more or less 4 
>>> days now.
>>> As far as I understand the documentation, all I have to do is:
>>>
>>>
>>>    - add the dependency *cas-server-support-ldap* to my pom.xml and
>>>    - configure ldap support via cas.properties (like url, baseDn etc.).
>>>    
>>>
>>> But when I try to login, I get the following message on the console:
>>>
>>>> Cannot find authentication handler that supports [username] of type 
>>>> [UsernamePasswordCredential], which suggests a configuration problem.
>>>>
>>>
>>>  
>>> I get the strong feeling I'm missing something really important here...
>>> --
>>> You received this message because you are subscribed to the Google 
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to cas-user+u...@apereo.org.
>>> To post to this group, send email to cas-...@apereo.org.
>>> Visit this group at 
>>> https://groups.google.com/a/apereo.org/group/cas-user/.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/51f27ef4-59b9-4b3e-9cf6-e6908bf3d98d%40apereo.org.
>>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>>>
>>>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
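
Added example (not part of the original thread and not CAS code): a small pre-deployment check for cas.properties that flags the unencoded comma described in the top reply and prints the %2C form, and also flags an ldap:// URL with both useSsl and useStartTls off, as in the quoted configuration. The function names, finding codes and the comma-split model of the reported behaviour are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the LDAP block quoted in the thread, comma left unencoded.
SAMPLE = """\
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/dc=company,dc=com
cas.authn.ldap[0].baseDn=dc=company,dc=com
"""

KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(\w+)$")

def as_server_list(url):
    """Model of the behaviour reported in the thread (an assumption, not
    CAS source): a comma in ldapUrl is read as a separator between servers."""
    return url.split(",")

def parse(text):
    """Group cas.authn.ldap[N].* properties by handler index N."""
    handlers = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        m = KEY.match(key.strip())
        if m:
            handlers.setdefault(int(m.group(1)), {})[m.group(2)] = value.strip()
    return handlers

def lint(text):
    """Return (index, code, detail) findings for each LDAP handler."""
    findings = []
    for idx, props in sorted(parse(text).items()):
        url = props.get("ldapUrl", "")
        parts = urlsplit(url)
        if "," in parts.path:
            # Suggest the same URL with the comma in the path percent-encoded.
            fixed = url.replace(parts.path, parts.path.replace(",", "%2C"))
            findings.append((idx, "UNENCODED_COMMA", fixed))
        tls = "true" in (props.get("useSsl"), props.get("useStartTls"))
        if parts.scheme == "ldap" and not tls:
            # Bind credentials would cross the network without TLS.
            findings.append((idx, "NO_TLS", url))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```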