Zaki,

This is an ldap config issue.
Either the testuser needs to be added to the people ou; or change the testuser 
dn to match what exists in ldap.

Ray

On Wed, 2022-05-18 at 09:54 +0300, Zaki Elmi Guelleh wrote:

Hi Ray,

When I use the command line utility ldapsearch from the CAS server, I have this
error: result: 32 No such object
root@cas:/etc/cas/config# ldapsearch -h 192.168.143.200 -x -W -D "cn=testuser,ou=people,dc=example,dc=com"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

On Wed, 18 May 2022 at 08:31, Zaki Elmi Guelleh <zakiguel...@gmail.com> wrote:
Hi Ray,
ldap settings are correct.
root@LDAPserv:~# ldapsearch -h 192.168.143.200 -x -W -D "cn=admin,dc=example,dc=com"
# testuser, people, example.com
dn: cn=testuser,ou=people,dc=example,dc=com
cn: testuser
gidNumber: 9802
givenName: testuser
homeDirectory: /home/users/testuser
mail:
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: supannPerson
sn: testuser
supannEmpId: 1001
supannEmpProfil:: QWRtaW5pc3RyYXRldXIgZHUgU3lzdMOobWUgJiBSw6lzZWF1
supannEntiteAffectation:
uid: testuser
uidNumber: 10012
userPassword:: e01ENX16QVBuUjZhdnU4djR2blpvclA2KzVRPT0=


CAS logs:

=============================================================
WHO: audit:unknown
WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, 
event=success, timestamp=Wed May 18 07:23:54 CEST 2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed May 18 07:23:54 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================

>
2022-05-18 07:24:07,465 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 
testuser].>
2022-05-18 07:24:07,465 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: testuser
WHAT: [UsernamePasswordCredential(username=testuser, source=null, 
customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed May 18 07:24:07 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================


Thanks



On Tue, 17 May 2022 at 19:23, Ray Bon <r...@uvic.ca> wrote:
zak,

These are the settings I have for ldap


cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://...
cas.authn.ldap[0].connectTimeout=PT3S
cas.authn.ldap[0].baseDn=ou=people,...
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].bindDn=cn=Auth Manager,...
cas.authn.ldap[0].bindCredential=...
cas.authn.ldap[0].principalAttributeList=...

You can use the command line utility, ldapsearch, to be sure your ldap settings 
are correct.
Also check ldap logs.

Ray

On Tue, 2022-05-17 at 08:25 -0700, zak elmi wrote:

Hi everyone.

I have a problem that I haven't been able to solve for a long time.


[org.apereo.cas.configuration.CasConfigurationPropertiesValidator] - <Validated 
CAS property sources and configuration successfully.>

     _    ____  _____ ____  _____ ___     ____    _    ____
    / \  |  _ \| ____|  _ \| ____/ _ \   / ___|  / \  / ___|
   / _ \ | |_) |  _| | |_) |  _|| | | | | |     / _ \ \___ \
  / ___ \|  __/| |___|  _ <| |__| |_| | | |___ / ___ \ ___) |
 /_/   \_\_|   |_____|_| \_\_____\___/   \____/_/   \_\____/


CAS Version: 6.6.0-RC2
CAS Branch: master
CAS Commit Id: 7946bc20e93ed407274ca391864c8e67165b4c8c
CAS Build Date/Time: 2022-05-10T11:39:56Z
Spring Boot Version: 2.6.6
Spring Version: 5.3.19
Java Home: /usr/lib/jvm/jdk-11
Java Vendor: Oracle Corporation
Java Version: 11.0.15
JVM Free Memory: 298 MB
JVM Maximum Memory: 910 MB
JVM Total Memory: 603 MB
OS Architecture: amd64
OS Name: Linux
OS Version: 4.9.0-18-amd64
OS Date/Time: 2022-05-17T16:45:45.852237
OS Temp Directory: /opt/tomcat/latest/temp
------------------------------------------------------------
Apache Tomcat Version: Apache Tomcat/9.0.30
-----------------------------------------------
  ____  _____    _    ______   __
 |  _ \| ____|  / \  |  _ \ \ / /
 | |_) |  _|   / _ \ | | | \ V /
 |  _ <| |___ / ___ \| |_| || |
 |_| \_\_____/_/   \_\____/ |_|

>
2022-05-17 16:55:04,681 WARN 
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
 - <1 errors, 0 successes>
2022-05-17 16:55:13,354 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: {result=Service Access Granted, service=https://example.com/index.php, 
requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 17 16:55:13 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================

>
2022-05-17 16:55:13,367 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 
userxxxx].>
2022-05-17 16:55:13,368 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO:  userxxxx
WHAT: [UsernamePasswordCredential(username= userxxxx  , source=null, 
customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue May 17 16:55:13 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================

>
2022-05-17 16:55:13,368 WARN 
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
 - <1 errors, 0 successes>



also find my cas.properties
cas.server.name=https://192.168.143.203:8443
cas.server.prefix=${cas.server.name}/cas

logging.config=file:/etc/cas/config/log4j2.xml

cas.authn.accept.enabled=false

### Disable local accounts

cas.authn.accept.users=
### LDAP connection
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].useSsl=false

### Credential to connect to LDAP
cas.authn.ldap[0].ldapUrl=ldap://192.168.143.200:389
cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
cas.authn.ldap[0].bindCredential=xxxxxxxx


cas.authn.ldap[0].baseDn=ou=people,dc=example,dc=com
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=supannAliasLogin={%s}
# may be optional
cas.authn.ldap[0].principalAttributeId=supannAliasLogin

cas.serviceRegistry.json.location: file:/etc/cas/services



please if someone can help me?
--------------------

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.
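
An offline check of the symptom in this thread, as an added example (not code from CAS or from either poster): it takes the testuser entry as printed by ldapsearch above and tests whether a given baseDn and searchFilter could resolve it to a DN. The helper names are hypothetical, and the model assumes the filter is a single `attr=value` equality whose value is the typed username; the search CAS performs is more general.

```python
# Simplified model of the "resolve user DN" search step; not CAS code.
# ENTRY_LDIF is a trimmed copy of the testuser entry shown in the thread.
ENTRY_LDIF = """\
dn: cn=testuser,ou=people,dc=example,dc=com
cn: testuser
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: supannPerson
sn: testuser
supannEmpId: 1001
uid: testuser
"""
BASE_DN = "ou=people,dc=example,dc=com"  # cas.authn.ldap[0].baseDn in the thread


def parse_entry(ldif):
    """Return (dn, {lower-cased attribute: [values]}) for one unfolded entry."""
    dn, attrs = None, {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if name.lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(name.lower(), []).append(value.strip())
    return dn, attrs


def is_under(dn, base_dn):
    """True if dn is base_dn or below it (assumes no escaped commas)."""
    d = [p.strip().lower() for p in dn.split(",")]
    b = [p.strip().lower() for p in base_dn.split(",") if p.strip()]
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def resolve_dn(username, base_dn, search_filter, ldif=ENTRY_LDIF):
    """Return (dn, reason); dn is None when the search would find nothing."""
    dn, attrs = parse_entry(ldif)
    attr = search_filter.strip("()").partition("=")[0].strip().lower()
    if not is_under(dn, base_dn):
        return None, "entry is outside baseDn"
    if attr not in attrs:
        return None, "entry has no '%s' attribute" % attr
    if username.lower() not in [v.lower() for v in attrs[attr]]:
        return None, "'%s' value does not match the username" % attr
    return dn, "resolved"


if __name__ == "__main__":
    for flt in ("supannAliasLogin={%s}", "uid={user}"):
        print(flt, "->", resolve_dn("testuser", BASE_DN, flt))
```

With the values from the thread, the supannAliasLogin filter resolves nothing because the printed entry carries no such attribute, while a uid filter like the one in Ray's settings finds the entry.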
