I was not quite done with the previous email.
cas.authn.ldap[0]...
cas.authn.ldap[1]...
etc.
Ray
On Tue, 2022-02-08 at 10:13 -0800, Michael Santangelo wrote:
I changed my config to:
cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Tech Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://<hostname>:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=<a password>
And now it's working for people in that OU... Time to see if I can expand it to
the entire Staff OU...
On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo wrote:
Hello all,
Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP working.
I built an Ubuntu VM and did initial setup by doing:
1. git clone https://github.com/apereo/cas-overlay-template
2. I did some initial config changes in the cas.properties to get SSL up and
running
3. Ran sudo ./gradlew clean copyCasConfiguration build run
4. I can login using the casuser and the default password as expected. This
part is all working fine.
So I tried adding LDAP support by:
1. Modify build.gradle by adding
implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
to the dependencies section.
2. Modify cas.properties by adding:
# Disable casuser
cas.authn.accept.users=
# LDAP Servers Authenticated
cas.authn.ldap[0].ldapUrl=ldap://<ldap server ip>:389
#cas.authn.ldap[0].usessl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=<the password>
# LDAP Servers Authenticated
# Search For CAS User
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
cas.authn.ldap[0].subtreeSearch=true
#cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
#cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
# Search for CAS User
3. Ran sudo ./gradlew clean copyCasConfiguration build run
The page loads as usual. I am unable to login as casuser, which is expected.
I cannot login with any domain credentials.
In the log I get an error:
2022-02-08 15:43:49,567 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for <a username>].>
So I tried to verify that the server can connect via LDAP:
ldapsearch -H ldap://<ldap server ip>:389 -D "CN=cas bind,CN=Users,DC=..." -W samaccountname=<a username> -b "OU=Technology,OU=Staff,DC=..." -v
And I receive a valid result.
I'm not sure where the disconnect is, or what else I should search for. Any
tips or suggestions that you could provide would be helpful.
I'm attaching the output of Task :run.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose
historical relationships with the land continue to this day.