Coeurcy,

What do cas logs say about the ldap search (on debug or trace)?

Is sAMAccountName the/an attribute in the search tree? You are using cn in the 
bind.

Ray

On Fri, 2023-05-26 at 12:07 -0700, Coeurcy Mokoko wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.


NB: I have now been able to raise the notification mentioned in my first email 
above but I am unable to connect to CAS Server with: username: admin ; 
password: @Debian453, configured in cas.properties, which is my ldap user.

On Friday, 26 May 2023 at 19:53:15 UTC+1, Coeurcy Mokoko wrote:
Ray,

In relation to what you said, I've made some modifications to "cas.properties" 
above, but it is still "username/password" incorrect. As far as LDAP is concerned, I 
can't find or access the logs for it, and it's case sensitive.

My new cas.properties:


as.server.name=http://acsi.cg:8443
cas.server.prefix=${cas.server.name}/cas

logging.config=file:/etc/cas/config/log4j2.xml

cas.authn.accept.users=
### LDAP connection
cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvid>
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].ldapUrl=ldap://acsi.cg:389
cas.authn.ldap[0].baseDn=dc=acsi,dc=cg
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
# cas.authn.ldap[0].principalAttributeList=cn,givenName,mail

# Credential to connect to LDAP
cas.authn.ldap[0].bindDn=cn=admin,dc=acsi,dc=cg
cas.authn.ldap[0].bindCredential=@Debian453

On Friday, 26 May 2023 at 17:44:52 UTC+1, Ray Bon wrote:
Coeurcy,

The ldap loggers from my previous email should help with debugging the problem.
Do you have access to the ldap server logs?

Is your ldap case sensitive (you have 'dc' and 'DC')?

Is there a class identifier missing in bind-dn?

Ray

On Fri, 2023-05-26 at 02:22 -0700, Coeurcy Mokoko wrote:


Yes, I manage to connect from the command line with the same parameters, but 
when I try to authenticate to cas with the same login and password, it doesn't 
work!

On Tuesday, 23 May 2023 at 18:08:03 UTC+1, Ray Bon wrote:
azer,

Can you connect to your ldap server from the computer running cas using command 
line or gui and the same connection parameters?

Turn up logging for ldap.

Ray

P.S. here are some ldap related logs I have used


<AsyncLogger name="org.ldaptive" level="${sys:ldap.log.level}" includeLocation="true" />
<!-- TODO: investigate: DEBUG 'Operation exception encountered, reopening connection' -->
<AsyncLogger name="org.ldaptive.AbstractOperation" level="error" additivity="false" />
<AsyncLogger name="org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler" level="error" additivity="false" />
<AsyncLogger name="org.ldaptive.BindOperation" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.SearchOperation" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.PooledConnectionFactory" level="warn" additivity="false" />
<!-- INFO Authentication failed for dn: ...
DEBUG prints failed log in error reason (among other ldap connection details) -->
<!-- <AsyncLogger name="org.ldaptive.auth" level="debug" additivity="false" /> -->
<AsyncLogger name="org.ldaptive.pool.BlockingConnectionPool" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.ssl.AggregateTrustManager" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.ssl.DefaultHostnameVerifier" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.ssl.HostnameVerifyingTrustManager" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.transport.DefaultSearchOperationHandle" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.transport.netty.MessageFrameDecoder" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.transport.netty.NettyConnection" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.transport.netty.NettyConnection$BindOperationHandle" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.transport.netty.NettyConnection$RequestEncoder" level="warn" additivity="false" />

On Sat, 2023-05-20 at 07:54 -0700, azer tyuiop wrote:

Hello, how to connect CAS to LDAP

I implemented openLdap to install CAS then I created the file cas.properties in 
cas-overlay-template/etc/cas/config/

Because in this folder after the installation of CAS I did not find the file 
"cas.properties" which should normally be in the folder 
cas-overlay-template/etc/cas/config

I recompiled and then deployed in cas but I still have this error attached.

Here are the contents of the "cas.properties" file I created in 
cas-overlay-template/etc/cas/config:

cas.server.name=http://acsi.cg:8443
cas.server.prefix=${cas.server.name}/cas
logging.config: file:/etc/cas/config/log4j2.xml


cas.authn.accept.users=
### LDAP connection
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDPro>
cas.authn.ldap[0].type=AUTHENTICATED
#cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].ldap-url=ldap://acsi.cg:389
cas.authn.ldap[0].base-dn= subtreeA,dc=acsi,dc=cg|subtreeC,dc=acsi,dc=cg
cas.authn.ldap[0].password-encoder.type=NONE
cas.authn.ldap[0].search-filter={user}
#cas.authn.ldap[0].subtreeSearch=true
#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail


### Credential to connect to LDAP
cas.authn.ldap[0].bind-dn=admincas,CN=admincas,DC= acsi,DC=cg
cas.authn.ldap[0].bind-credential=@Debian453


As a reminder, I use:
openLdap, ldap account manager, jdk-17, tomcat 10 and cas-overlay-template 6.6.7


I'm looking forward to your help, thanks in advance!


[cas ....png]
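
The two checks Ray raises in this thread (an RDN with no attribute type in the bind DN, and which attribute the search filter uses), run over the LDAP lines of both posted cas.properties files. This is an added example, not part of the original messages or of CAS; `parse`, `lint` and the simplified DN pattern (no escaped commas) are assumptions made for illustration, and `|` is treated as the separator between base DNs as in the posted value.

```python
import re

# Constructed sample: LDAP lines from the first cas.properties posted in this
# thread, with the bind password swapped for a placeholder.
FIRST_CONFIG = """\
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldap-url=ldap://acsi.cg:389
cas.authn.ldap[0].base-dn= subtreeA,dc=acsi,dc=cg|subtreeC,dc=acsi,dc=cg
cas.authn.ldap[0].search-filter={user}
cas.authn.ldap[0].bind-dn=admincas,CN=admincas,DC= acsi,DC=cg
cas.authn.ldap[0].bind-credential=PLACEHOLDER
"""
# Constructed sample: the matching lines from the second cas.properties.
SECOND_CONFIG = """\
cas.authn.ldap[0].baseDn=dc=acsi,dc=cg
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].bindDn=cn=admin,dc=acsi,dc=cg
"""

LINE = re.compile(r"^cas\.authn\.ldap\[0\]\.([\w.-]+?)\s*[=:]\s*(.*)$")
RDN = re.compile(r"^[A-Za-z][\w-]*\s*=\s*[^=,]+$")      # attr=value, no escapes
FILTER = re.compile(r"^\(?([A-Za-z][\w-]*)=\{user\}\)?$")

def parse(text):
    """Return {key: value}; bindDn and bind-dn fold to the same key."""
    props = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # comment lines start with '#' and never match
            props[m.group(1).replace("-", "").lower()] = m.group(2).strip()
    return props

def lint(text):
    p, issues = parse(text), []
    for key in ("binddn", "basedn"):
        for dn in filter(None, p.get(key, "").split("|")):  # '|' joins base DNs
            bad = [r.strip() for r in dn.split(",") if not RDN.match(r.strip())]
            if bad:
                issues.append(f"{key}: RDN without attribute type: {bad}")
    m = FILTER.match(p.get("searchfilter", ""))
    if not m:
        issues.append("searchfilter: expected the form attr={user}")
    elif m.group(1).lower() == "samaccountname":
        issues.append("searchfilter: sAMAccountName is an Active Directory "
                      "attribute; confirm the entries under basedn carry it")
    return issues
```

`lint(FIRST_CONFIG)` reports the bare `admincas`, `subtreeA` and `subtreeC` components and the attribute-less filter; `lint(SECOND_CONFIG)` reports only the sAMAccountName filter.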




