Both the "commas" and "%2C" comments saved my life. Thank you, Erdal and Stefan!

Also, I found that type=DIRECT is also needed for my case (type=AUTHENTICATED did not work for me).

Here's my code that works in CAS 5.1.2, for future people.

Let's say your server is named: [your.ldap.server]
With port: [389]
And you can search your user with: [ou=people,dc=somesite,dc=net]
Your admin account is named: [admin] with password: [abcd1234]

cas.authn.ldap[0].type=DIRECT
cas.authn.ldap[0].ldapUrl=ldap://your.ldap.server:389/ou=people%2Cdc=somesite%2Cdc=net
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=ou=people,dc=somesite,dc=net
cas.authn.ldap[0].userFilter=uid=%s
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].bindDn=uid=admin,dc=somesite,dc=net
cas.authn.ldap[0].bindCredential=abcd1234
cas.authn.ldap[0].dnFormat=uid=%s,ou=people,dc=somesite,dc=net
cas.authn.ldap[0].principalAttributeId=uid
cas.authn.ldap[0].principalAttributePassword=
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true

On Tuesday, 9 May 2017 04:16:33 UTC+8, Stefan Schulz wrote:
>
> In the latest version (5.0.5) the comma needs to be URL encoded, otherwise
> CAS assumes 'dc=com' to be a second server.
>
> cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/dc=company%2Cdc=com
>
> Took me a while to figure that out...
> Note: I am only answering as this is the only place I found (i.e. top
> Google results) with a complete CAS 5.0.X LDAP configuration.
>
>
> On Tuesday, 11 October 2016 10:38:52 UTC+2, Erdal Gunyar wrote:
>>
>> I don't know where you got the path at the end of:
>> cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/*dc=company,dc=com*
>>
>> But that saved me from hours of Google digging!
>> Thanks a lot! :)
>>
>> Erdal.
>>
>>
>> On Wednesday, 24 August 2016 08:02:23 UTC+2, Sascha Müller wrote:
>>>
>>> Ok. So here's a full rundown of what I've done so far including config
>>> files and log. Hope that helps.
>>>
>>> First of all I've cloned the repository of the CAS war overlay and
>>> switched to branch 5.0. Then I've generated a certificate (thekeystore) and
>>> put it into '/etc/cas/'. When I run cas, https seems to be working fine.
>>> Next I changed the cas.properties to
>>>
>>>> cas.server.name=https://localhost:8443
>>>> cas.server.prefix=https://localhost:8443/cas
>>>>
>>>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>>> logging.config=file:/etc/cas/config/log4j2.xml
>>>> # cas.serviceRegistry.config.location: classpath:/services
>>>> cas.authn.accept.users=
>>>>
>>>> ### LDAP settings ###
>>>> cas.authn.ldap[0].useSsl=false
>>>> cas.authn.ldap[0].useStartTls=false
>>>> cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/dc=company,dc=com
>>>> cas.authn.ldap[0].dnFormat=uid=%s,ou=Users,dc=company,dc=com
>>>> cas.authn.ldap[0].baseDn=dc=company,dc=com
>>>> cas.authn.ldap[0].connectTimeout=5000
>>>> cas.authn.ldap[0].principalAttributeId=uid
>>>> cas.authn.ldap[0].principalAttributePassword=
>>>> cas.authn.ldap[0].minPoolSize=3
>>>> cas.authn.ldap[0].maxPoolSize=10
>>>> cas.authn.ldap[0].validateOnCheckout=true
>>>> cas.authn.ldap[0].validatePeriodically=true
>>>> cas.authn.ldap[0].validatePeriod=600
>>>> cas.authn.ldap[0].failFast=true
>>>> cas.authn.ldap[0].idleTime=5000
>>>> cas.authn.ldap[0].prunePeriod=5000
>>>> cas.authn.ldap[0].blockWaitTime=5000
>>>
>>> I got assured by our systems department that these settings should be
>>> ok. I did not touch 'application.yml' or any other file (except the
>>> pom.xml, which I attached alongside the cas.log).
>>>
>>> Now, when I run "./build.sh clean package" & "./build.sh run" the server
>>> starts up, but login fails with the message
>>>
>>>> 2016-08-24 07:47:01,453 WARN
>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>>> <Authentication has failed. Credentials may be incorrect or CAS cannot
>>>> find authentication handler that supports [sam] of type
>>>> [UsernamePasswordCredential], which suggests a configuration problem.>
>>>
>>> If you need anything else, please let me know.
>>>
>>> Thanks in advance.
>>>
>>>
>>> On Wednesday, 24 August 2016 06:00:37 UTC+2, Misagh Moayyed wrote:
>>>>
>>>> Without knowing what you have so far, it's very difficult to say.
>>>> Either you have misplaced the configuration, or you have misdefined the
>>>> property keys.
>>>>
>>>> --
>>>> Misagh
>>>>
>>>> From: Sascha Müller <[email protected]>
>>>> Reply: Sascha Müller <[email protected]>
>>>> Date: August 23, 2016 at 7:59:31 AM
>>>> To: CAS Community <[email protected]>
>>>> Subject: [cas-user] What are the exact steps to configure CAS 5.0.0
>>>> RC1 to use LDAP?
>>>>
>>>> Hey everybody,
>>>>
>>>> I tried to configure LDAP login through CAS 5.0.0 RC1 for more or less
>>>> 4 days now.
>>>> As far as I understand the documentation, all I have to do is:
>>>>
>>>> - add the dependency *cas-server-support-ldap* to my pom.xml and
>>>> - configure ldap support via cas.properties (like url, baseDn etc.).
>>>>
>>>> But when I try to log in, I get the following message on the console:
>>>>
>>>>> Cannot find authentication handler that supports [username] of type
>>>>> [UsernamePasswordCredential], which suggests a configuration problem.
>>>>
>>>> I get the strong feeling I'm missing something really important here...
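Added example, not part of the original thread and not CAS project code: a small Python linter for `cas.authn.ldap[N].*` properties that flags the unencoded-comma `ldapUrl` discussed above and proposes the `%2C` form. It assumes, per Stefan's reply, that `ldapUrl` is split on commas into server URLs; it also flags a `bindCredential` sent over plain `ldap://` with neither `useSsl` nor `useStartTls` enabled, since a simple bind then crosses the network unencrypted. The function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(\w+)$")
SCHEMES = ("ldap://", "ldaps://")

# Constructed sample built from the values quoted in this thread.
SAMPLE = """\
cas.authn.ldap[0].ldapUrl=ldap://ldapserver.company.com:389/dc=company,dc=com
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[1].ldapUrl=ldap://your.ldap.server:389/ou=people%2Cdc=somesite%2Cdc=net
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].useStartTls=false
cas.authn.ldap[1].bindCredential=abcd1234
"""

def parse_handlers(text):
    """Group cas.authn.ldap[N].* properties by handler index N."""
    handlers = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        match = KEY.match(key.strip())
        if match:
            handlers.setdefault(int(match.group(1)), {})[match.group(2)] = value.strip()
    return handlers

def lint(text):
    """Return (handler index, finding, suggestion) tuples."""
    findings = []
    for idx, cfg in sorted(parse_handlers(text).items()):
        # Assumption taken from the thread: ldapUrl is split on "," into servers.
        parts = [p.strip() for p in cfg.get("ldapUrl", "").split(",")]
        servers = []
        for part in parts:
            if part.lower().startswith(SCHEMES) or not servers:
                servers.append(part)
            else:  # stray DN fragment: re-attach it with an encoded comma
                servers[-1] += "%2C" + part
        if len(servers) != len(parts):
            findings.append((idx, "unencoded-comma", ",".join(servers)))
        on = lambda k: cfg.get(k, "false").lower() == "true"
        plain = any(urlsplit(s).scheme.lower() == "ldap" for s in servers)
        if plain and cfg.get("bindCredential") and not (on("useSsl") or on("useStartTls")):
            findings.append((idx, "cleartext-bind", "use ldaps:// or useStartTls=true"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```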
