both formats are fine for Spring... cas.authn.ldap[0].base-dn cas.authn.ldap[0].baseDn
On Thursday, June 22, 2023 at 9:30:27 AM UTC-5 oneill wrote: > It looks like you have a mix of different formats for property names. > > Can you share your current properties? > > > > You have some older names mixed with some current names. > > > > For example, after reviewing your original message, the ‘base DN’ property > should be ‘cas.authn.ldap[0].base-dn’ and not ‘cas.authn.ldap[0].baseDn’. > > Also, the ‘sub-tree search’ should be ‘cas.authn.ldap[0].subtree-search’ > and not ‘cas.authn.ldap[0].subtreeSearch’. > > > > # Active Directory > cas.authn.ldap[0].type=AD > cas.authn.ldap[0].ldapUrl=ldap://localhost:389 > cas.authn.ldap[0].useStartTls=false > cas.authn.ldap[0].baseDn=DC=AAA,DC=BBB > cas.authn.ldap[0].search-filter=(sAMAccountName={user}) > cas.authn.ldap[0].subtreeSearch=true > cas.authn.ldap[0].dn-format=cn=%s,DC=AAA,DC=BBB > > > > For reference: > > https://apereo.github.io/cas/6.6.x/authentication/LDAP-Authentication.html > > > > Thanks, > > Tom > > > > *From:* cas-...@apereo.org <cas-...@apereo.org> *On Behalf Of *Jason > Everling > *Sent:* Wednesday, June 21, 2023 10:59 AM > *To:* CAS Community <cas-...@apereo.org> > *Cc:* Ray Bon <rb...@uvic.ca>; dfisher <dfi...@vt.edu> > *Subject:* [EXT] Re: [cas-user] CAS 6.6.8 - Authenticate using AD > > > > *CAUTION: This email originated from outside of SIG. Exercise caution when > opening attachments or clicking links, especially from unknown senders.* > > [EXT-STAMP-ADDED] > > Try authenticated type instead, > > > > cas.authn.ldap[0].type=AUTHENTICATED > > cas.authn.ldap[0].bindDn=YOUR_BIND_DN, Can be upn format as well instead > of full dn > cas.authn.ldap[0].bindCredential=YOUR_BIND_PASSWORD > > > > On Wednesday, June 21, 2023 at 9:42:15 AM UTC-5 Ray Bon wrote: > > Jérémie, > > > > 'Unknown user name or bad password.' > > > > Suggests that this is an issue on AD side. > > See https://fawnoos.com/2022/11/24/cas70x-azure-active-directory/ or this > older one https://fawnoos.com/2017/11/22/cas-saml-integration-adfs/ > > > > Ray > > > > On Mon, 2023-06-19 at 00:41 -0700, Jérémie wrote: > > *Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information.* > > > > All logs were already set to DEBUG. > > > > I don't think firewall rules are causing the issue here as I'm reaching > the AD. > > > > Tomcat stdout logs : > > > > > > > > > > *2023-06-19 07:32:52,281 INFO > [org.apereo.cas.authentication.DefaultAuthenticationManager] - > <[LdapAuthenticationHandler] exception details: [].> 2023-06-19 > 07:32:52,281 INFO > [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[Static > Credentials] exception details: [cas not found in backing map.].> > 2023-06-19 07:32:52,281 INFO > [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= WHO: cas > WHAT: [UsernamePasswordCredential(username=cas, source=null, > customFields={})] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Mon > Jun 19 07:32:52 UTC 2023* > > > > *cas* is my user to recall. > > > > AD Logs (not sure if I can get more detailed, not an AD expert) : > > > Account For Which Logon Failed: > Security ID: NULL SID > Account Name: cas > Account Domain: > > AAA > > Failure Information: > Failure Reason: > > Unknown user name or bad password. > Status: 0xC000006D > Sub Status: 0xC000006A > > Process Information: > Caller Process ID: > > 0x34c > Caller Process Name: > > C:\Windows\System32\lsass.exe > > Network Information: > Workstation Name: > > XXX > Source Network Address: > > 127.0.0.1 > Source Port: 51309 > > Detailed Authentication Information: > Logon Process: > > Advapi > Authentication Package: > > MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > Transited Services: > > - > Package Name (NTLM only): > > - > Key Length: 0 > > Le samedi 17 juin 2023 à 06:38:24 UTC+2, dfisher a écrit : > > On Fri, Jun 16, 2023 at 5:56 AM Jérémie <crazybr...@gmail.com> wrote: > > Thank for the logger, I've added it at the end of log4j2 file and set > level to*debug* > > > > > > You'll probably get a more complete picture if you set all of > `org.ldaptive` to DEBUG. > > > > > > Here is my error log now (debug logs doesn't seem to give much more > information) : > > > > > *2023-06-16 09:12:06,090 INFO > [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] > expired tickets removed.> 2023-06-16 09:12:22,891 WARN > [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught > exception for > org.ldaptive.transport.netty.NettyConnection@472298790::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, > > hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, > filter=null, inetAddress=null], isOpen=true, > connectTime=2023-06-16T09:09:32.569972500Z, > connectionConfig=[org.ldaptive.ConnectionConfig@1751226570::ldapUrl=ldap://localhost:389, > > connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, > autoReconnect=true, > autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, > > autoReplay=true, > sslConfig=[org.ldaptive.ssl.SslConfig@1885893078::credentialConfig=null, > trustManagers=null, > hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@26a2d23f, > enabledCipherSuites=null, enabledProtocols=null, > handshakeCompletedListeners=null, handshakeTimeout=PT1M], > useStartTLS=false, connectionInitializers=null, > connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1122089449::ldapURLSet=[org.ldaptive.LdapURLSet@1745317225::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, > > hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, > filter=null, inetAddress=null]], inactive=[]], > activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@6bd15511, > > retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, > > initialized=true], connectionValidator=null, transportOptions={}], > channel=[id: 0x560c13d8, L:/127.0.0.1:64781 <http://127.0.0.1:64781> - > R:localhost/127.0.0.1:389 <http://127.0.0.1:389>]>* > > > > > > Any localhost firewall rules that may be causing problems? What does the > AD logs say? > > > > --Daniel Fisher > > > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/15727e8d-1679-4f1a-b6cb-f959d3d641b0n%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/15727e8d-1679-4f1a-b6cb-f959d3d641b0n%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6d9c9973-6e04-4776-8900-fe7051017899n%40apereo.org.
