Same thing. I already had the dependency in pom.xml, and most of those LDAP
settings. I added all the extra ones you mentioned but it didn't change
anything. I don't get it. I'm obviously missing something but near as I can
tell, I have all the prerequisites mention in the documentation.
On Tuesday, April 11, 2017 at 1:39:12 AM UTC-6, Nour Krichene wrote:
>
> Hello,
>
> It seems that some files are needed to support LDAP
>
>
> In pom.xml add this script
>
>
> <dependency>
> <groupId>org.apereo.cas</groupId>
> <artifactId>cas-server-support-ldap</artifactId>
> <version>${cas.version}</version>
> </dependency>
>
> after project's build add this code to etc/cas/config/cas.properties
>
> cas.authn.accept.users=
> cas.authn.ldap[0].type=AUTHENTICATED
>
> cas.authn.ldap[0].ldapUrl=ldap://localhost:389
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].useStartTls=false
> cas.authn.ldap[0].connectTimeout=5000
> cas.authn.ldap[0].baseDc=dc=example,dc=com
> cas.authn.ldap[0].baseDn=ou=users,dc=example,dc=com
> cas.authn.ldap[0].userFilter=uid={user}
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].usePasswordPolicy=false
> cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
> cas.authn.ldap[0].bindCredential=**********
>
> cas.authn.ldap[0].enhanceWithEntryResolver=false
> cas.authn.ldap[0].dnFormat=uid=%s,ou=users,dc=example,dc=com
> cas.authn.ldap[0].principalAttributeId=uid
> cas.authn.ldap[0].principalAttributePassword=
> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName
> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>
> cas.authn.ldap[0].minPoolSize=3
> cas.authn.ldap[0].maxPoolSize=10
> cas.authn.ldap[0].validateOnCheckout=true
> cas.authn.ldap[0].validatePeriodically=true
> cas.authn.ldap[0].validatePeriod=600
>
> cas.authn.ldap[0].failFast=true
> cas.authn.ldap[0].idleTime=5000
> cas.authn.ldap[0].prunePeriod=5000
> cas.authn.ldap[0].blockWaitTime=5000
> cas.authn.ldap[0].allowMultipleDns=false
>
> cas.authn.ldap[0].passwordEncoder.type=NONE
> cas.authn.ldap[0].principalTransformation.suffix=
> cas.authn.ldap[0].principalTransformation.caseConversion=NONE
> cas.authn.ldap[0].principalTransformation.prefix=
>
>
>
>
> On Monday, April 10, 2017 at 11:00:54 PM UTC+2, bobbintb wrote:
>>
>> I'm new to CAS and I have been trying to figure out how to get it to
>> authenticate against LDAP. I'm on RHEL 7 with Tomcat 7 and CAS 5.0,4. I
>> used the Maven overlay. My pom.xml has:
>>
>> <groupId>org.apereo.cas</groupId>
>> <artifactId>cas-server-support-ldap</artifactId>
>> <version>5.0.4</version>
>> </dependency>
>> <dependency>
>> <groupId>org.apereo.cas</groupId>
>> <artifactId>cas-server-support-ldap-core</artifactId>
>> <version>5.0.4</version>
>> </dependency>
>>
>> No errors building. I didn't have the second one initially. I added it
>> later and it made no difference
>>
>>
>> Here is my ldap section from cas.properties:
>>
>>
>>
>> #LDAP connection info
>> cas.authn.accept.users=
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldaps://ldap.my.org:636
>> cas.authn.ldap[0].useSsl=true
>> cas.authn.ldap[0].useStartTls=false
>> cas.authn.ldap[0].connectTimeout=5000
>> cas.authn.ldap[0].baseDn=ou=cp,o=org
>> cas.authn.ldap[0].principalAttributeId=uid
>> cas.authn.ldap[0].userFilter=cn=uid
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].usePasswordPolicy=true
>> cas.authn.ldap[0].bindDn=cn=cn=Directory Manager,o=org
>>
>> I just keep getting the same errors:
>>
>> WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> <Authentication has failed. Credentials may be incorrect or CAS cannot find
>> authentication handler that supports [testusername] of type
>> [UsernamePasswordCredential], which suggests a configuration problem.>
>>
>> ERROR [org.apereo.cas.web.flow.AuthenticationExceptionHandler] - <Unable
>> to translate handler errors of the authentication exception
>> org.apereo.cas.authentication.AuthenticationException: 0 errors, 0
>> successes. Returning UNKNOWN by default...>
>>
>> Nothing I have found has helped. I tried changing the type to DIRECT. We
>> don't use AD so I didn't try that. Not sure if it will help. Any ideas? I'm
>> stumped.
>>
>> --
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines:
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/bcdf6bd8-ba0e-4587-bdd7-1b56d2bf49af%40apereo.org
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/bcdf6bd8-ba0e-4587-bdd7-1b56d2bf49af%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>>
>
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0e21de28-36cb-426b-9d05-1852e47db8c7%40apereo.org.
