Thanks David! Your guidance helped tremendously --- I had inadvertently commented out the 'cas.authn.ldap[0].type' line.
Have a great weekend.

On Saturday, May 12, 2018 at 5:03:25 PM UTC-7, David Curry wrote:
>
> Since you have bind credentials specified, I'm thinking maybe you want
> AUTHENTICATED rather than DIRECT. That's just a guess, though. You might
> want to check the definitions of the types here:
>
> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1
>
> Otherwise nothing jumps out at me as wrong, but I'm reading this on a
> phone. :-) If it still doesn't work I would suggest setting debug level
> logging and see if that helps.
>
> David A. Curry, CISSP
> Director of Information Security
> The New School - Information Technology
> 71 Fifth Ave., 9th Fl. ~ New York, NY 10003
> +1 212 229-5300 x4728 ~ [email protected]
> Sent from my phone; please excuse typos and inane auto-corrections.
>
> On Sat, May 12, 2018, 19:51 Lionel Samuel <[email protected]> wrote:
>
>> Yes --- here is my 'cas.properties' configuration.
>>
>> The ldap connection URL and DNs are correct (validated via ldapsearch
>> from command line).
>>
>> Do you notice anything else missing?
>>
>> cas.properties:
>>
>> cas.server.name: http://localhost:8080/
>> cas.server.prefix: http://localhost:8080/edu-cas
>>
>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>
>> logging.config: file:/etc/cas/config/log4j2.xml
>> # cas.serviceRegistry.config.location: classpath:/services
>>
>> # Encrypt Cookies
>> cas.tgc.secure: true
>> cas.tgc.crypto.signing.key: snip
>> cas.tgc.crypto.encryption.key: snip
>>
>> # Encrypt Spring Workflow
>> cas.webflow.crypto.signing.key: snip
>> cas.webflow.crypto.encryption.key: snip
>>
>> # cas.authn.ldap[0].type= DIRECT
>> cas.authn.ldap[0].ldapUrl=ldaps://ldap.snip
>> # cas.authn.ldap[0].connectionStrategy=
>> cas.authn.ldap[0].useSsl=true
>> cas.authn.ldap[0].connectTimeout=5000
>> cas.authn.ldap[0].subtreeSearch=true
>> # BaseDn used to start the LDAP search looking for accounts
>> cas.authn.ldap[0].baseDn=ou=PEOPLE,ou=edu
>> # The search filter to use while looking for accounts.
>> cas.authn.ldap[0].userFilter=uid={user}
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].usePasswordPolicy=false
>>
>> cas.authn.ldap[0].dnFormat=uid=%s,ou=PEOPLE,ou=edu
>> cas.authn.ldap[0].principalAttributeId=uid
>> cas.authn.ldap[0].principalAttributePassword=
>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>>
>> # Bind credentials used to connect to the LDAP instance
>> #
>> cas.authn.ldap[0].bindDn=uid=foo,ou=edu
>> cas.authn.ldap[0].bindCredential=snip
>>
>> cas.authn.accept.users:
>>
>> On Saturday, May 12, 2018 at 4:43:24 PM UTC-7, David Curry wrote:
>>>
>>> Assuming you added all the LDAP properties.... Did you disable the use
>>> of the built-in credentials (casuser/Mellon)?
>>>
>>> cas.authn.accept.users:
>>>
>>> It should be set to an empty value, as shown above.
>>>
>>> David A. Curry, CISSP
>>> Director of Information Security
>>> The New School - Information Technology
>>> 71 Fifth Ave., 9th Fl. ~ New York, NY 10003
>>> +1 212 229-5300 x4728 ~ [email protected]
>>> Sent from my phone; please excuse typos and inane auto-corrections.
>>>
>>> On Sat, May 12, 2018, 19:34 Lionel Samuel <[email protected]> wrote:
>>>
>>>> Hi David:
>>>>
>>>> It's an honor. I read your guide when googling this issue.
>>>>
>>>> I had added the following to the pom.xml and had rebuilt the war via
>>>> './build.sh package' --- and deployed the new WAR to the Tomcat.
>>>>
>>>> Did I miss anything?
>>>>
>>>> I can't see the CAS server making a call to our LDAP server --- so it
>>>> must somehow be skipping LDAP altogether.
>>>>
>>>> <dependency>
>>>>   <groupId>org.apereo.cas</groupId>
>>>>   <artifactId>cas-server-support-ldap</artifactId>
>>>>   <version>${cas.version}</version>
>>>> </dependency>
>>>>
>>>> On Saturday, May 12, 2018 at 4:30:06 PM UTC-7, David Curry wrote:
>>>>>
>>>>> Did you add the LDAP dependency to pom.xml and rebuild the WAR?
>>>>>
>>>>> David A. Curry, CISSP
>>>>> Director of Information Security
>>>>> The New School - Information Technology
>>>>> 71 Fifth Ave., 9th Fl. ~ New York, NY 10003
>>>>> +1 212 229-5300 x4728 ~ [email protected]
>>>>> Sent from my phone; please excuse typos and inane auto-corrections.
>>>>>
>>>>> On Sat, May 12, 2018, 19:16 Lionel Samuel <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi List:
>>>>>>
>>>>>> I have a shiny new deployment of CAS5.2.4. I am setting up for LDAP
>>>>>> authentication ---- however,
>>>>>> HttpBasedServiceCredentialsAuthenticationHandler appears to be leveraged
>>>>>> and not LdapAuthenticationHandler.....how do I toggle LDAP
>>>>>> authentication?
>>>>>> I have followed Any's setting for cas.properties on
>>>>>> https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/QtzfZI1gnA4
>>>>>>
>>>>>> <Authentication handlers used for this transaction are
>>>>>> [HttpBasedServiceCredentialsAuthenticationHandler]>
>>>>>> 2018-05-12 16:11:24,362 ERROR
>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>>>>> <Authentication has failed. Credentials may be incorrect or CAS cannot
>>>>>> find
>>>>>> authentication handler that supports [lionel101] of type
>>>>>> [UsernamePasswordCredential]. Examine the configuration to ensure a
>>>>>> method
>>>>>> of authentication is defined and analyze CAS logs at DEBUG level to
>>>>>> trace
>>>>>> the authentication event.>
>>>>>> 2018-05-12 16:11:24,363 INFO
>>>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
>>>>>> <Audit
>>>>>> trail record BEGIN
>>>>>> =============================================================
>>>>>> WHO: lionel101
>>>>>> WHAT: Supplied credentials: [lionel101]
>>>>>> ACTION: AUTHENTICATION_FAILED
>>>>>> APPLICATION: CAS
>>>>>> WHEN: Sat May 12 16:11:24 PDT 2018
>>>>>> CLIENT IP ADDRESS: snip
>>>>>> SERVER IP ADDRESS: snip
>>>>>> =============================================================
>>>>>>
>>>>>> --
>>>>>> - Website: https://apereo.github.io/cas
>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "CAS Community" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to [email protected].
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5c2597a8-0ebd-45b8-953d-341a05204095%40apereo.org
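The settings this thread turned on (an active `cas.authn.ldap[N].type`, `cas.authn.accept.users` set to an empty value, and the suggestion to compare DIRECT with AUTHENTICATED when bind credentials are present) can be checked before a WAR is deployed. The Python script below is an added example, not part of the original messages or of CAS; the `parse` and `check` helpers and the sample file contents are constructed for illustration, and it assumes one `key=value` or `key: value` pair per line with no line continuations.

```python
import re

# Constructed sample modelled on the cas.properties quoted in the thread;
# host name and credential are placeholders.
SAMPLE = """\
# cas.authn.ldap[0].type= DIRECT
cas.authn.ldap[0].ldapUrl=ldaps://ldap.example.invalid
cas.authn.ldap[0].baseDn=ou=PEOPLE,ou=edu
cas.authn.ldap[0].bindDn=uid=foo,ou=edu
cas.authn.ldap[0].bindCredential=placeholder
cas.authn.accept.users:
"""

# Optional comment marker, key, '=' or ':' separator, value.
LINE = re.compile(r"^\s*([#!]?)\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*)$")
LDAP_KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.")


def parse(text):
    """Split .properties text into (active, commented_out) key/value dicts."""
    active, commented = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            target = commented if m.group(1) else active
            target[m.group(2)] = m.group(3).strip()
    return active, commented


def check(text):
    """Return findings for the misconfigurations discussed in the thread."""
    active, commented = parse(text)
    findings = []
    found = {m.group(1) for m in map(LDAP_KEY.match, active) if m}
    for i in sorted(found, key=int):
        prefix = f"cas.authn.ldap[{i}]."
        ldap_type = active.get(prefix + "type", "")
        if not ldap_type:
            state = "commented out" if prefix + "type" in commented else "missing"
            findings.append(f"{prefix}type is {state}")
        elif ldap_type == "DIRECT" and active.get(prefix + "bindDn"):
            # Hint taken from the reply in the thread, where it is offered as a guess.
            findings.append(f"{prefix}type is DIRECT with bindDn set; compare AUTHENTICATED")
    if active.get("cas.authn.accept.users") != "":
        findings.append("cas.authn.accept.users is not set to an empty value")
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE):
        print("WARN", finding)
```

Run against the constructed sample, it reports the commented-out `type` line, which is the condition the original poster found.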
