That's a typo artifact.  

It should be:

cas.authn.ldap[0].searchFilter=sAMAccountName={user}

I disabled StartTLS because I wanted to make sure I could get it working 
before introducing any sort of TLS/SSL for LDAPS.  Getting the certificates 
to cooperate has proven to be difficult as I am new to working on these 
things.  Do you think it would make a difference?

On Tuesday, February 8, 2022 at 11:13:48 AM UTC-5 Felix Schumacher wrote:

>
> On 08.02.22 at 17:00, Michael Santangelo wrote:
>
> Hello all, 
>
> Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP 
> working.
>
> I built an Ubuntu VM and did initial setup by doing:
>
>    1. git clone https://github.com/apereo/cas-overlay-template
>    2. I did some initial config changes in the cas.properties to get SSL 
>    up and running 
>    3. Ran sudo ./gradlew clean copyCasConfiguration build run 
>    4. I can login using the casuser and the default password as 
>    expected.  This part is all working fine. 
>
> So I tried adding LDAP support by:
>
>    1. Modify build.gradle by adding 
>        implementation 
>    "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>    to the dependencies section. 
>    2. Modify cas.properties by adding:
>    # Disable casuser
>    cas.authn.accept.users=
>    # LDAP Servers Authenticated
>    cas.authn.ldap[0].ldapUrl=ldap://<ldap server ip>:389
>    #cas.authn.ldap[0].usessl=false
>    cas.authn.ldap[0].useStartTls=false
>    cas.authn.ldap[0].type=AUTHENTICATED
>    cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
>    cas.authn.ldap[0].bindCredential=<the password>
>    # LDAP Servers Authenticated
>    
>    # Search For CAS User
>    cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
>    cas.authn.ldap[0].subtreeSearch=true
>    #cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
>    #cas.authn.ldap[0].searchFilter=uid={user}
>    cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
>    
> Is this a typo on your config? You have two a's after the initial SAM.
>
> Felix
>
> PS. Why do you disable startTLS?
>
>
>    1. #cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
>    # Search for CAS User 
>    2. Ran sudo ./gradlew clean copyCasConfiguration build run 
>
> The page loads as usual.  I am unable to login as casuser, which is 
> expected.  I cannot login with any domain credentials.
>
> In the log I get an error:
> 2022-02-08 15:43:49,567 INFO 
> [org.apereo.cas.authentication.DefaultAuthenticationManager] - 
> <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn 
> for <a username>].>
>
> So I tried to verify that the server can connect via LDAP:
>
> ldapsearch -H ldap://<ldap server ip>:389 -D "CN=cas 
> bind,CN=Users,DC=..." -W samaccountname=<a username> -b 
> "OU=Technology,OU=Staff,DC=..." -v
>
> And I receive a valid result.
>
> I'm not sure where the disconnect is, or what else I should search for.  
> Any tips or suggestions that you could provide would be helpful.
>
> I'm attaching the output of Task :run.
>
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5be8d9ff-f43d-4347-9f64-3842676a4a7fn%40apereo.org
>  
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/5be8d9ff-f43d-4347-9f64-3842676a4a7fn%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
>

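An added example, not part of the original thread or the CAS project: a small Python check that reads the LDAP block of cas.properties, builds an ldapsearch call from the exact filter CAS is configured with (rather than a hand-typed one), and flags unknown filter attributes and a cleartext bind. The sample file contents, the `KNOWN_ATTRS` list and the function names are assumptions made for the example.

```python
import re

# Constructed sample modelled on the configuration quoted in the thread;
# the IP address and DC components are placeholders.
SAMPLE = """\
cas.authn.accept.users=
cas.authn.ldap[0].ldapUrl=ldap://192.0.2.10:389
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=example,DC=org
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=example,DC=org
#cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
"""

# Assumption: attributes the admin expects to exist in the directory schema.
KNOWN_ATTRS = {"samaccountname", "uid", "cn", "mail", "userprincipalname", "objectclass"}

def load_ldap_props(text, index=0):
    """Active (uncommented) cas.authn.ldap[index].* settings as a dict."""
    prefix, props = f"cas.authn.ldap[{index}].", {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(prefix) and "=" in line:
            key, value = line.split("=", 1)  # DNs and filters contain '=' too
            props[key[len(prefix):].strip()] = value.strip()
    return props

def ldapsearch_argv(props, username):
    """ldapsearch call using the same URL, bind DN, base DN and filter as CAS."""
    # RFC 4515 escaping so the test username cannot alter the filter
    safe = "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in username)
    flt = props["searchFilter"].replace("{user}", safe)
    return ["ldapsearch", "-H", props["ldapUrl"], "-D", props["bindDn"], "-W",
            "-b", props["baseDn"], flt, "dn"]

def findings(props):
    """Human-readable problems found in the LDAP block."""
    out = []
    attrs = re.findall(r"([A-Za-z][A-Za-z0-9;-]*)\s*(?:~=|>=|<=|=)", props.get("searchFilter", ""))
    for attr in attrs:
        if attr.lower() not in KNOWN_ATTRS:  # LDAP attribute names are case-insensitive
            out.append(f"unknown attribute in searchFilter: {attr}")
    url = props.get("ldapUrl", "").lower()
    if url.startswith("ldap://") and props.get("useStartTls", "false").lower() != "true":
        out.append("cleartext bind: ldap:// without StartTLS")
    return out

if __name__ == "__main__":
    p = load_ldap_props(SAMPLE)
    print(" ".join(repr(a) if " " in a else a for a in ldapsearch_argv(p, "jdoe")))
    print("\n".join(findings(p)))
```

Running the generated ldapsearch command against the directory reproduces what CAS searches for, so a misspelled attribute returns no entry there as well.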