*Hi Ray, *
*LDAP SEARCH * Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=test,dc=local> with scope subtree # filter: uid=* # requesting: ALL # # search reference ref: ldap://ForestDnsZones.TEST.LOCAL/DC=ForestDnsZones,DC=TEST,DC=LOCAL # search reference ref: ldap://DomainDnsZones.TEST.LOCAL/DC=DomainDnsZones,DC=TEST,DC=LOCAL # search reference ref: ldap://TEST.LOCAL/CN=Configuration,DC=TEST,DC=LOCAL # search result search: 2 result: 0 Success # numResponses: 4 # numReferences: 3 Active Directory: The registry does not show us any type of error with the LDAP. Any suggestion? El miércoles, 28 de noviembre de 2018, 17:52:30 (UTC+1), rbon escribió: > > Carlos, > > Do you have access to your AD/LDAP logs? Sanitize and post here (both > successful ldapsearch and failed SSO). They may give a reason for the > failure. > > Ray > > On Wed, 2018-11-28 at 08:03 -0800, Carlos Morales wrote: > > I follow this guide, but this seems impossible.... > > SSO with LDAP dosn't work but my ldapsearch it's working anb binding all > users. > > Any suggestion? > > Thank in advantage. > > El miércoles, 28 de noviembre de 2018, 16:06:23 (UTC+1), João Henriques > escribió: > > Check this thread: > > https://groups.google.com/a/apereo.org/d/topic/cas-user/LBfDaRPQ5Ds/discussion > > Maybe it helps. > > > quarta-feira, 28 de Novembro de 2018 às 14:07:25 UTC, Dirk Tepe escreveu: > > Have you included LDAP support in your POM dependencies when you built the > WAR file? > > https://apereo.github.io/cas/5.3.x/installation/LDAP-Authentication.html > > That error seems to indicate your CAS instance is not even capable of > using LDAP. > > -dirk > > On Wed, Nov 28, 2018 at 7:26 AM Carlos Morales <[email protected]> wrote: > > Hello, > > Here mi AD: > > My ldapsearch works correctly and bind OK, but my CAS dosn't connect with > AD and give me the following error: > > 2018-11-28 13:22:47,186 DEBUG > [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - > <Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] > does not support the credential type > [UsernamePasswordCredential(username=asdf)]. Trying next...> > > My application.properties: > > cas.authn.ldap[0].type= AD > cas.authn.ldap[0].ldapUrl= ldap://IP:389 > cas.authn.ldap[0].useSsl= false > cas.authn.ldap[0].useStartTls= false > cas.authn.ldap[0].connectTimeout= 3000 > cas.authn.ldap[0].baseDn= OU=VDI,DC=domain,DC=local > cas.authn.ldap[0].searchFilter= sAMAaccountName={user} > cas.authn.ldap[0].subtreeSearch= true > cas.authn.ldap[0].dnFormat= %s@domain > cas.authn.ldap[0].principalAttributeId= asdf > cas.authn.ldap[0].principalAttributePassword=nPASS > cas.authn.ldap[0].bindCredential=PASS > logging.level.org.apereo= DEBUG > cas.authn.ldap[0].allowMultipleDns= false > # > > Thank you so much > > Any option? > > El miércoles, 28 de noviembre de 2018, 11:49:10 (UTC+1), casuser escribió: > > Do you have a user called "test" in the Active Directory? > *[HttpBasedServiceCredentialsAuthenticationHandler] does not support the > credential type [UsernamePasswordCredential (username = Test)]. * > And try this cas.authn.ldap[0].searchFilter=sAMAccountName={user} > > > On Wed, Nov 28, 2018 at 6:14 PM Carlos Morales <[email protected]> wrote: > > I have tried more options like: > cas.authn.ldap[0].searchFilter= cn={user} > cas.authn.ldap[0].userFilter=uid={user} > sAMAccountName > > But all of them same error: > > <Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] > does not support the credential type [UsernamePasswordCredential (username > = Test)]. Trying next ...> > > Any option? > > Thank you so much. > > El martes, 27 de noviembre de 2018, 18:15:20 (UTC+1), casuser escribió: > > Check your active directory field to verify the username, we had the same > problem then we switched it back to sAMAccountName from cn > > On Wed, 28 Nov 2018, 12:34 am Carlos Morales <[email protected] wrote: > > Sorry, the syntax is correct as you said it is n and not m, but it still > does not work showing the same error: > > <Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] > does not support the credential type [UsernamePasswordCredential (username > = Test)]. Trying next ...> > > Any other option? > > El martes, 27 de noviembre de 2018, 17:07:25 (UTC+1), casuser escribió: > > Aren't that supposed to be cn instead of cm in the searchfilter value field > > On Tue, 27 Nov 2018, 11:18 pm Carlos Morales <[email protected] wrote: > > > Good afternoon, I have installed CAS in the new version 5.3.0, once modified > the application.properties and indicated that the default credentials stop > working I have tried to add the follow > cas.authn.ldap[0].type= AD > cas.authn.ldap[0].ldapUrl= ldap://IP:389 > cas.authn.ldap[0].useSsl= false > cas.authn.ldap[0].useStartTls= false > cas.authn.ldap[0].connectTimeout= 3000 > cas.authn.ldap[0].baseDn= OU=VDI,DC=domain,DC=local > cas.authn.ldap[0].searchFilter= cm={user} > cas.authn.ldap[0].subtreeSearch= true > cas.authn.ldap[0].dnFormat= %s@domain > > cas.authn.ldap[0].principalAttributeId= Admin > cas.authn.ldap[0].principalAttributePassword=Password > cas.authn.ldap[0].bindCredential=Password > logging.level.org.apereo= DEBUG > > When I try to log in with the credentials, the LOG shows the following error: > > 2018-11-27 12:57:24,594 DEBUG > [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - > <Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] > does not support the credential type > [UsernamePasswordCredential(username=Test)]. Trying next...> > > 2018-11-27 12:57:24,629 INFO > [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > > ============================================================= > > WHO: Test > > WHAT: Supplied credentials: [UsernamePasswordCredential(username=Test)] > > ACTION: AUTHENTICATION_FAILED > > APPLICATION: CAS > > WHEN: Tue Nov 27 12:57:24 CET 2018 > > > From the server of cas with ldapsearch I can show all the information. > > Can you help me in this matter? It is an environment that needs to be > authenticated with AD and I do not get it. > > Thank you so much. > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/57d36eab-e109-42c8-9514-9476e9dcef8e%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/57d36eab-e109-42c8-9514-9476e9dcef8e%40apereo.org?utm_medium=email&utm_source=footer> > . > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/de868633-b559-43a0-8489-73a0a0efe219%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/de868633-b559-43a0-8489-73a0a0efe219%40apereo.org?utm_medium=email&utm_source=footer> > . > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/8378915f-d57a-411c-a8fd-08ce55eb255c%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8378915f-d57a-411c-a8fd-08ce55eb255c%40apereo.org?utm_medium=email&utm_source=footer> > . > > > > -- > -Fazla. > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/adbf480d-ad7e-42a0-9226-880dc4310843%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/adbf480d-ad7e-42a0-9226-880dc4310843%40apereo.org?utm_medium=email&utm_source=footer> > . > > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] <javascript:> > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/fb3b168d-bfa8-45d6-b647-e75629c3debd%40apereo.org.
