Thank you. That was the issue, for the most part. I had some other issues as well but that was the one that was causing this particular problem. Don't know how I missed that.
On Tuesday, April 11, 2017 at 1:49:19 PM UTC-6, Paul Mitchell wrote: > > Your bindDn is wrong, in at least what you've pasted above " > cas.authn.ldap[0].bindDn=cn=cn=Directory Manager,o=org" . You look to > have an extra cn= in there. > > Paul. > > On 11 April 2017 at 18:25, bobbintb <[email protected] <javascript:>> wrote: > >> Same thing. I already had the dependency in pom.xml, and most of those >> LDAP settings. I added all the extra ones you mentioned but it didn't >> change anything. I don't get it. I'm obviously missing something but near >> as I can tell, I have all the prerequisites mention in the documentation. >> >> >> On Tuesday, April 11, 2017 at 1:39:12 AM UTC-6, Nour Krichene wrote: >>> >>> Hello, >>> >>> It seems that some files are needed to support LDAP >>> >>> >>> In pom.xml add this script >>> >>> >>> <dependency> >>> <groupId>org.apereo.cas</groupId> >>> <artifactId>cas-server-support-ldap</artifactId> >>> <version>${cas.version}</version> >>> </dependency> >>> >>> after project's build add this code to etc/cas/config/cas.properties >>> >>> cas.authn.accept.users= >>> cas.authn.ldap[0].type=AUTHENTICATED >>> >>> cas.authn.ldap[0].ldapUrl=ldap://localhost:389 >>> cas.authn.ldap[0].useSsl=false >>> cas.authn.ldap[0].useStartTls=false >>> cas.authn.ldap[0].connectTimeout=5000 >>> cas.authn.ldap[0].baseDc=dc=example,dc=com >>> cas.authn.ldap[0].baseDn=ou=users,dc=example,dc=com >>> cas.authn.ldap[0].userFilter=uid={user} >>> cas.authn.ldap[0].subtreeSearch=true >>> cas.authn.ldap[0].usePasswordPolicy=false >>> cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com >>> cas.authn.ldap[0].bindCredential=********** >>> >>> cas.authn.ldap[0].enhanceWithEntryResolver=false >>> cas.authn.ldap[0].dnFormat=uid=%s,ou=users,dc=example,dc=com >>> cas.authn.ldap[0].principalAttributeId=uid >>> cas.authn.ldap[0].principalAttributePassword= >>> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName >>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true >>> >>> cas.authn.ldap[0].minPoolSize=3 >>> cas.authn.ldap[0].maxPoolSize=10 >>> cas.authn.ldap[0].validateOnCheckout=true >>> cas.authn.ldap[0].validatePeriodically=true >>> cas.authn.ldap[0].validatePeriod=600 >>> >>> cas.authn.ldap[0].failFast=true >>> cas.authn.ldap[0].idleTime=5000 >>> cas.authn.ldap[0].prunePeriod=5000 >>> cas.authn.ldap[0].blockWaitTime=5000 >>> cas.authn.ldap[0].allowMultipleDns=false >>> >>> cas.authn.ldap[0].passwordEncoder.type=NONE >>> cas.authn.ldap[0].principalTransformation.suffix= >>> cas.authn.ldap[0].principalTransformation.caseConversion=NONE >>> cas.authn.ldap[0].principalTransformation.prefix= >>> >>> >>> >>> >>> On Monday, April 10, 2017 at 11:00:54 PM UTC+2, bobbintb wrote: >>>> >>>> I'm new to CAS and I have been trying to figure out how to get it to >>>> authenticate against LDAP. I'm on RHEL 7 with Tomcat 7 and CAS 5.0,4. I >>>> used the Maven overlay. My pom.xml has: >>>> >>>> <groupId>org.apereo.cas</groupId> >>>> <artifactId>cas-server-support-ldap</artifactId> >>>> <version>5.0.4</version> >>>> </dependency> >>>> <dependency> >>>> <groupId>org.apereo.cas</groupId> >>>> <artifactId>cas-server-support-ldap-core</artifactId> >>>> <version>5.0.4</version> >>>> </dependency> >>>> >>>> No errors building. I didn't have the second one initially. I added it >>>> later and it made no difference >>>> >>>> >>>> Here is my ldap section from cas.properties: >>>> >>>> >>>> >>>> #LDAP connection info >>>> cas.authn.accept.users= >>>> cas.authn.ldap[0].type=AUTHENTICATED >>>> cas.authn.ldap[0].ldapUrl=ldaps://ldap.my.org:636 >>>> cas.authn.ldap[0].useSsl=true >>>> cas.authn.ldap[0].useStartTls=false >>>> cas.authn.ldap[0].connectTimeout=5000 >>>> cas.authn.ldap[0].baseDn=ou=cp,o=org >>>> cas.authn.ldap[0].principalAttributeId=uid >>>> cas.authn.ldap[0].userFilter=cn=uid >>>> cas.authn.ldap[0].subtreeSearch=true >>>> cas.authn.ldap[0].usePasswordPolicy=true >>>> cas.authn.ldap[0].bindDn=cn=cn=Directory Manager,o=org >>>> >>>> I just keep getting the same errors: >>>> >>>> WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>>> <Authentication has failed. Credentials may be incorrect or CAS cannot >>>> find >>>> authentication handler that supports [testusername] of type >>>> [UsernamePasswordCredential], which suggests a configuration problem.> >>>> >>>> ERROR [org.apereo.cas.web.flow.AuthenticationExceptionHandler] - >>>> <Unable to translate handler errors of the authentication exception >>>> org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 >>>> successes. Returning UNKNOWN by default...> >>>> >>>> Nothing I have found has helped. I tried changing the type to DIRECT. >>>> We don't use AD so I didn't try that. Not sure if it will help. Any ideas? >>>> I'm stumped. >>>> >>>> -- >>>> - CAS gitter chatroom: https://gitter.im/apereo/cas >>>> - CAS mailing list guidelines: >>>> https://apereo.github.io/cas/Mailing-Lists.html >>>> - CAS documentation website: https://apereo.github.io/cas >>>> - CAS project website: https://github.com/apereo/cas >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/bcdf6bd8-ba0e-4587-bdd7-1b56d2bf49af%40apereo.org >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/bcdf6bd8-ba0e-4587-bdd7-1b56d2bf49af%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >> - CAS gitter chatroom: https://gitter.im/apereo/cas >> - CAS mailing list guidelines: >> https://apereo.github.io/cas/Mailing-Lists.html >> - CAS documentation website: https://apereo.github.io/cas >> - CAS project website: https://github.com/apereo/cas >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0e21de28-36cb-426b-9d05-1852e47db8c7%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0e21de28-36cb-426b-9d05-1852e47db8c7%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/119218e0-a3a9-428b-a644-0b2cc256d1d0%40apereo.org.
