In the latest version (5.0.5) the comma needs to be URL encoded, otherwise CAS assumes 'dc=com' to be a second server.

cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/dc=company%2Cdc=com

Took me a while to figure that out...

Note: I am only answering as this is the only place I found (i.e. top Google results) with a complete CAS 5.0.X LDAP configuration.

On Tuesday, 11 October 2016 at 10:38:52 UTC+2, Erdal Gunyar wrote:
>
> I don't know where you got the path at the end of:
> cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/*dc=company,dc=com*
>
> But that saved me from hours of Google digging!
> Thanks a lot! :)
>
> Erdal.
>
> On Wednesday, 24 August 2016 at 08:02:23 UTC+2, Sascha Müller wrote:
>>
>> Ok. So here's a full rundown of what I've done so far including config
>> files and log. Hope that helps.
>>
>> First of all I've cloned the repository of the CAS war overlay and
>> switched to branch 5.0. Then I've generated a certificate (thekeystore) and
>> put it into '/etc/cas/'. When I run cas, https seems to be working fine.
>> Next I changed the cas.properties to
>>
>>> cas.server.name=https://localhost:8443
>>> cas.server.prefix=https://localhost:8443/cas
>>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>> logging.config=file:/etc/cas/config/log4j2.xml
>>> # cas.serviceRegistry.config.location: classpath:/services
>>> cas.authn.accept.users=
>>>
>>> ### LDAP settings ###
>>> cas.authn.ldap[0].useSsl=false
>>> cas.authn.ldap[0].useStartTls=false
>>> cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/dc=company,dc=com
>>> cas.authn.ldap[0].dnFormat=uid=%s,ou=Users,dc=company,dc=com
>>> cas.authn.ldap[0].baseDn=dc=company,dc=com
>>> cas.authn.ldap[0].connectTimeout=5000
>>> cas.authn.ldap[0].principalAttributeId=uid
>>> cas.authn.ldap[0].principalAttributePassword=
>>> cas.authn.ldap[0].minPoolSize=3
>>> cas.authn.ldap[0].maxPoolSize=10
>>> cas.authn.ldap[0].validateOnCheckout=true
>>> cas.authn.ldap[0].validatePeriodically=true
>>> cas.authn.ldap[0].validatePeriod=600
>>> cas.authn.ldap[0].failFast=true
>>> cas.authn.ldap[0].idleTime=5000
>>> cas.authn.ldap[0].prunePeriod=5000
>>> cas.authn.ldap[0].blockWaitTime=5000
>>
>> I got assured by our systems department that these settings should be
>> ok. I did not touch 'application.yml' or any other file (except the
>> pom.xml, which I attached alongside the cas.log).
>>
>> Now, when I run "./build.sh clean package" & "./build.sh run" the server
>> starts up, but login fails with the message
>>
>>> 2016-08-24 07:47:01,453 WARN
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <Authentication has failed. Credentials may be incorrect or CAS cannot find
>>> authentication handler that supports [sam] of type
>>> [UsernamePasswordCredential], which suggests a configuration problem.>
>>
>> If you need anything else, please let me know.
>>
>> Thanks in advance.
>>
>> On Wednesday, 24 August 2016 at 06:00:37 UTC+2, Misagh Moayyed wrote:
>>>
>>> Without knowing what you have so far, it’s very difficult to say. Either
>>> you have misplaced the configuration, or you have misdefined the property
>>> keys.
>>>
>>> --
>>> Misagh
>>>
>>> From: Sascha Müller <[email protected]>
>>> Reply: Sascha Müller <[email protected]>
>>> Date: August 23, 2016 at 7:59:31 AM
>>> To: CAS Community <[email protected]>
>>> Subject: [cas-user] What are the exact steps to configure CAS 5.0.0
>>> RC1 to use LDAP?
>>>
>>> Hey everybody,
>>>
>>> I tried to configure LDAP login through CAS 5.0.0 RC1 for more or less 4
>>> days now.
>>> As far as I understand the documentation, all I have to do is:
>>>
>>> - add the dependency *cas-server-support-ldap* to my pom.xml and
>>> - configure ldap support via cas.properties (like url, baseDn etc.).
>>>
>>> But when I try to login, I get the following message on the console:
>>>
>>>> Cannot find authentication handler that supports [username] of type
>>>> [UsernamePasswordCredential], which suggests a configuration problem.
>>>
>>> I get the strong feeling I'm missing something really important here...
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at
>>> https://groups.google.com/a/apereo.org/group/cas-user/.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/51f27ef4-59b9-4b3e-9cf6-e6908bf3d98d%40apereo.org.
>>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
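The comma fix from the top reply of this thread, as an added example that is not part of any poster's message and not CAS project code: a small Python lint for cas.properties that emulates the comma splitting the reply reports for 5.0.5 (an assumption taken from the thread), suggests the %2C form, and also flags handlers where useSsl and useStartTls are both explicitly false on an ldap:// URL. SAMPLE is constructed from the settings quoted above; the function names are hypothetical.

```python
import re

# Constructed sample, mirroring the settings quoted in the thread.
SAMPLE = """\
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/dc=company,dc=com
cas.authn.ldap[0].baseDn=dc=company,dc=com
"""

KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(\w+)\s*=\s*(.*)$")
SCHEME = re.compile(r"^ldaps?://", re.IGNORECASE)

def parse(text):
    """Group cas.authn.ldap[N].* settings by index N; other lines are ignored."""
    handlers = {}
    for line in text.splitlines():
        m = KEY.match(line.strip())
        if m:
            handlers.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return handlers

def fix_url(value):
    """Rejoin fragments that are not URLs onto the preceding URL with %2C."""
    servers = []
    for part in (p.strip() for p in value.split(",")):
        if SCHEME.match(part) or not servers:
            servers.append(part)
        else:
            servers[-1] += "%2C" + part
    return ",".join(servers)

def lint(text):
    """Return (index, problem, suggestion) tuples per LDAP handler."""
    findings = []
    for idx, cfg in sorted(parse(text).items()):
        url = cfg.get("ldapUrl", "")
        # Assumption taken from the thread: the value is split on ',' into servers.
        stray = [p.strip() for p in url.split(",") if not SCHEME.match(p.strip())]
        if url and stray:
            findings.append((idx, "unencoded comma: %r is read as a server" % stray[0],
                             fix_url(url)))
        # Only explicit false/false on ldap:// is flagged; defaults are not guessed.
        if (url.lower().startswith("ldap://") and cfg.get("useSsl") == "false"
                and cfg.get("useStartTls") == "false"):
            findings.append((idx, "LDAP bind is sent without TLS",
                             "use ldaps:// or set useStartTls=true"))
    return findings
```

Calling `lint(open("/etc/cas/config/cas.properties").read())` applies the same checks to a real file, assuming that is where the overlay's properties live.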
