Hi,
I have found the problem.
It was an ACL problem. I had a rule which blocked the access. I have fixed
it and now all is correct.
Thank you for your help, Bartosz Nitkiewicz and Ray Bon.
Jérémie
On Monday, 22 March 2021 at 18:49:12 UTC+1, Jérémie Pilette wrote:
> Bartosz Nitkiewicz
> I am using AJP connection between Apache2 and tomcat9.
> Apache 2 is the front with TLS connection.
>
> On Monday, 22 March 2021 at 17:09:55 UTC+1, Bartosz Nitkiewicz wrote:
>
>> Shouldn't you add keystore for SSL/TLS authentication?
>> like:
>>
>> cas.authn.ldap[0].keystore=file:/etc/cas/config/keystore.jks
>> cas.authn.ldap[0].keystorePassword=password
>> cas.authn.ldap[0].keystoreType=PKCS12
>>
>> You should add your signed certificate to main JAVA keystore
>> On Monday, 22 March 2021 at 16:57:38 UTC+1, Jérémie Pilette wrote:
>>
>>> Yes I am using Start-tls
>>> cas.authn.ldap[0].use-start-tls=true
>>>
>>> On Monday, 22 March 2021 at 16:53:36 UTC+1, Bartosz Nitkiewicz wrote:
>>>
>>>> Maybe your LDAP server has to be authenticated through SSL/TLS (LDAPS)?
>>>>
>>>> On Monday, 22 March 2021 at 16:25:41 UTC+1, Jérémie Pilette wrote:
>>>>
>>>>> It seems to be Invalid Credential for the user.. I don't know why..
>>>>> On Monday, 22 March 2021 at 16:21:48 UTC+1, Jérémie Pilette wrote:
>>>>>
>>>>>> It doesn't change anything with these two lines added ... :o(
>>>>>>
>>>>>> On Monday, 22 March 2021 at 16:17:58 UTC+1, Bartosz Nitkiewicz wrote:
>>>>>>
>>>>>>> implementation is ok
>>>>>>>
>>>>>>> Try to add
>>>>>>> cas.authn.ldap[0].name=adYourName
>>>>>>> cas.authn.ldap[0].order=0
>>>>>>>
>>>>>>> On Monday, 22 March 2021 at 16:13:17 UTC+1, Jérémie Pilette wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> Yes I have :
>>>>>>>> compile
>>>>>>>> "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>>>>>>>>
>>>>>>>> But I have seen that instead of "compile" we can put
>>>>>>>> "implementation".
>>>>>>>> I do not know which one we have to use
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Monday, 22 March 2021 at 16:07:48 UTC+1, Bartosz Nitkiewicz wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>> Did you build ldap dependency into your CAS server?
>>>>>>>>> You should add
>>>>>>>>> org.apereo.cas:cas-server-support-ldap:${casServerVersion} in
>>>>>>>>> build.gradle
>>>>>>>>> and rebuild CAS app.
>>>>>>>>> Regards,
>>>>>>>>> BN
>>>>>>>>>
>>>>>>>>> On Monday, 22 March 2021 at 15:50:04 UTC+1, Jérémie Pilette wrote:
>>>>>>>>>
>>>>>>>>>> Here is my cas.properties
>>>>>>>>>>
>>>>>>>>>> ***********
>>>>>>>>>> cas.server.name=https://xxxxx.xxxxx.fr
>>>>>>>>>> cas.server.prefix=${cas.server.name}/cas
>>>>>>>>>>
>>>>>>>>>> logging.config=file:/etc/cas/config/log4j2.xml
>>>>>>>>>>
>>>>>>>>>> cas.service-registry.json.location=file:/etc/cas/services
>>>>>>>>>>
>>>>>>>>>> cas.authn.ldap[0].principal-attribute-list=cn,givenName,sn
>>>>>>>>>>
>>>>>>>>>> # cas.authn.ldap[0].collect-dn-attribute=false
>>>>>>>>>> # cas.authn.ldap[0].principal-dn-attribute-name=
>>>>>>>>>> # cas.authn.ldap[0].allow-multiple-principal-attribute-values=true
>>>>>>>>>> # cas.authn.ldap[0].allow-missing-principal-attribute-value=true
>>>>>>>>>> # cas.authn.ldap[0].credential-criteria=
>>>>>>>>>>
>>>>>>>>>> cas.authn.ldap[0].ldap-url=ldap://xxx.yyyy.com
>>>>>>>>>> cas.authn.ldap[0].bind-dn=userdn
>>>>>>>>>> cas.authn.ldap[0].bind-credential=pwd
>>>>>>>>>>
>>>>>>>>>> cas.authn.ldap[0].base-dn=my_base_dn
>>>>>>>>>> cas.authn.ldap[0].subtree-search=true
>>>>>>>>>> cas.authn.ldap[0].search-filter=my_filter
>>>>>>>>>> cas.authn.ldap[0].page-size=0
>>>>>>>>>>
>>>>>>>>>> cas.authn.ldap[0].principal-attribute-password=userPassword
>>>>>>>>>>
>>>>>>>>>> cas.authn.ldap[0].min-pool-size=3
>>>>>>>>>> cas.authn.ldap[0].max-pool-size=10
>>>>>>>>>> cas.authn.ldap[0].validate-on-checkout=true
>>>>>>>>>> cas.authn.ldap[0].validate-periodically=true
>>>>>>>>>> cas.authn.ldap[0].validate-period=PT5M
>>>>>>>>>> cas.authn.ldap[0].validate-timeout=PT5S
>>>>>>>>>> cas.authn.ldap[0].fail-fast=false
>>>>>>>>>> cas.authn.ldap[0].idle-time=PT10M
>>>>>>>>>> cas.authn.ldap[0].prune-period=PT2H
>>>>>>>>>> cas.authn.ldap[0].block-wait-time=PT3S
>>>>>>>>>> cas.authn.ldap[0].use-start-tls=true
>>>>>>>>>> cas.authn.ldap[0].response-timeout=PT5S
>>>>>>>>>> *******************
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Monday, 22 March 2021 at 15:37:56 UTC+1, Jérémie Pilette wrote:
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>> I have just installed the CAS server version 6.4 and made my LDAP
>>>>>>>>>>> configuration.
>>>>>>>>>>> Impossible for users to authenticate.
>>>>>>>>>>> Maybe I forgot something... I do not know what...
>>>>>>>>>>>
>>>>>>>>>>> Do you have an idea please ?
>>>>>>>>>>>
>>>>>>>>>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/45671705-1cc1-448a-9fb0-78d06097bd6cn%40apereo.org.