The finalized working bit for Active Directory LDAP was:

# Working LDAP Auth
cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://<DC FQDN>:389
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Staff,DC=...
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
cas.authn.ldap[0].bindCredential=<password>
# Working LDAP Auth

:D

I even got Duo MFA working today. Thanks all!
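Two things in the configs above deserve a check before this goes to production, and they are easy to miss by eye: the "working" block sets `cas.authn.ldap[0].type` twice (`AD`, then `AUTHENTICATED`), and every config in this thread talks to the domain controller over plain `ldap://` on port 389 without StartTLS, so the bind account's password and every user's password cross the network in cleartext. The following is an added Python example, not CAS project code and not posted by anyone in the thread: a small offline linter for `cas.authn.ldap[N].*` property fragments. It assumes java.util.Properties semantics (a key given twice keeps the last value), treats a missing `useStartTls` as false, and uses a hand-picked attribute allow-list `KNOWN_ATTRS` rather than a real AD schema; the three sample inputs are reconstructed from the thread's configs with placeholder domain names and passwords.

```python
"""Offline linter for cas.authn.ldap[N].* property fragments.

Added example: not CAS project code and not from any post in the thread.
Assumptions:
  - java.util.Properties semantics: a key that appears twice keeps the LAST value
  - a missing useStartTls is treated as false (CAS's documented default)
  - KNOWN_ATTRS is a small hand-picked allow-list, not an AD schema
"""
import re
from collections import defaultdict

KNOWN_ATTRS = {"samaccountname", "userprincipalname", "uid", "cn", "mail", "objectclass"}
HANDLER_RE = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(.+)$")
KV_RE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")
# Attribute names in an RFC 4515 filter: the token in front of =, ~=, >=, <=
FILTER_ATTR_RE = re.compile(r"\(?([A-Za-z][\w-]*)\s*(?:[~><]?=)")


def parse_properties(text):
    """Return (props, duplicates): props keeps the last value per key, duplicates
    lists every value for keys that occurred more than once."""
    seen = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):  # blank lines and comments
            continue
        m = KV_RE.match(line)
        if m:
            seen[m.group(1)].append(m.group(2))
    props = {k: v[-1] for k, v in seen.items()}
    dups = {k: v for k, v in seen.items() if len(v) > 1}
    return props, dups


def handlers(props):
    """Group cas.authn.ldap[N].field keys into one dict per handler index N."""
    out = defaultdict(dict)
    for key, value in props.items():
        m = HANDLER_RE.match(key)
        if m:
            out[int(m.group(1))][m.group(2)] = value
    return out


def lint(text):
    """Return a list of human-readable findings for a cas.properties fragment."""
    props, dups = parse_properties(text)
    findings = []
    for key, values in dups.items():
        findings.append(f"{key}: set {len(values)} times; last value '{values[-1]}' wins")
    for idx, h in sorted(handlers(props).items()):
        p = f"cas.authn.ldap[{idx}]"
        url = h.get("ldapUrl", "").lower()
        starttls = h.get("useStartTls", "false").strip().lower() == "true"
        if url.startswith("ldap://") and not starttls:
            findings.append(f"{p}: ldap:// without useStartTls=true; bindCredential and "
                            "user passwords cross the network in cleartext")
        for attr in FILTER_ATTR_RE.findall(h.get("searchFilter", "")):
            if attr.lower() not in KNOWN_ATTRS:
                findings.append(f"{p}: searchFilter uses unknown attribute '{attr}' (typo?)")
        if "dnFormat" in h and "searchFilter" in h:
            findings.append(f"{p}: dnFormat and searchFilter both set; the search already "
                            "resolves the DN, and a fixed dnFormat only fits users in that one OU")
        if h.get("type") == "AUTHENTICATED" and not (h.get("bindDn") and h.get("bindCredential")):
            findings.append(f"{p}: type=AUTHENTICATED needs bindDn and bindCredential")
    return findings


# Constructed samples modelled on the three configs posted in the thread
# (placeholder domain names and passwords, not real values).
FIRST_POST = """\
cas.authn.accept.users=
cas.authn.ldap[0].ldapUrl=ldap://ldap.example.test:389
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=example,DC=test
cas.authn.ldap[0].bindCredential=placeholder-password
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=example,DC=test
cas.authn.ldap[0].subtreeSearch=true
#cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
"""

WITH_DNFORMAT = """\
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://dc1.example.test:389
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=example,DC=test
cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=example,DC=test
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=example,DC=test
cas.authn.ldap[0].bindCredential=placeholder-password
"""

FINAL = """\
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://dc1.example.test:389
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].baseDn=OU=Staff,DC=example,DC=test
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=example,DC=test
cas.authn.ldap[0].bindCredential=placeholder-password
"""

if __name__ == "__main__":
    for name, cfg in (("first post", FIRST_POST), ("with dnFormat", WITH_DNFORMAT), ("final", FINAL)):
        print(f"== {name}")
        for finding in lint(cfg):
            print("  -", finding)
```

Run against the first-post sample it reports the `sAMAaccountName` typo (the likely reason the handler could not resolve a user DN) and the cleartext bind; against the dnFormat sample it adds Felix's point about `dnFormat` alongside `searchFilter`; against the final sample it reports only the duplicated `type` key and the cleartext bind. Switching `ldapUrl` to `ldaps://` on 636, or setting `useStartTls=true`, clears the cleartext finding.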


On Tuesday, February 8, 2022 at 3:55:18 PM UTC-5 Felix Schumacher wrote:

> Are you sure that you need to set dnFormat? If you have users in 
> different OUs, it will be difficult to use with a template as cn=%s,ou=..., 
> and should not the DN be found by the searchFilter?
>
> Felix
> On 08.02.22 at 19:13, Michael Santangelo wrote:
>
> I changed my config to: 
>
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].name=Tech Active Directory
> cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].ldapUrl=ldap://<hostname>:389
> cas.authn.ldap[0].validatePeriod=270
> cas.authn.ldap[0].poolPassivator=NONE
> cas.authn.ldap[0].searchFilter=sAMAccountName={user}
> cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
> cas.authn.ldap[0].dnFormat=CN=%s,OU=Technology,OU=Staff,DC=...
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].bindDn=CN=casbind,CN=Users,DC=...
> cas.authn.ldap[0].bindCredential=<a password>
>
> And now it's working for people in that OU... Time to see if I can expand 
> it to the entire Staff OU... 
>
> On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo wrote:
>
>> Hello all, 
>>
>> Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP 
>> working.
>>
>> I built an Ubuntu VM and did initial setup by doing:
>>
>>    1. git clone https://github.com/apereo/cas-overlay-template
>>    2. I did some initial config changes in the cas.properties to get SSL up and running
>>    3. Ran sudo ./gradlew clean copyCasConfiguration build run
>>    4. I can login using the casuser and the default password as expected.  This part is all working fine.
>>
>> So I tried adding LDAP support by:
>>
>>    1. Modify build.gradle by adding
>>       implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>>       to the dependencies section.
>>    2. Modify cas.properties by adding:
>>       # Disable casuser
>>       cas.authn.accept.users=
>>       # LDAP Servers Authenticated
>>       cas.authn.ldap[0].ldapUrl=ldap://<ldap server ip>:389
>>       #cas.authn.ldap[0].usessl=false
>>       cas.authn.ldap[0].useStartTls=false
>>       cas.authn.ldap[0].type=AUTHENTICATED
>>       cas.authn.ldap[0].bindDn=cn=cas bind,CN=Users,DC=...
>>       cas.authn.ldap[0].bindCredential=<the password>
>>       # LDAP Servers Authenticated
>>
>>       # Search For CAS User
>>       cas.authn.ldap[0].baseDn=OU=Technology,OU=Staff,DC=CHS,DC=...
>>       cas.authn.ldap[0].subtreeSearch=true
>>       #cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
>>       #cas.authn.ldap[0].searchFilter=uid={user}
>>       cas.authn.ldap[0].searchFilter=sAMAaccountName={user}
>>       #cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
>>       # Search for CAS User
>>    3. Ran sudo ./gradlew clean copyCasConfiguration build run
>>
>> The page loads as usual.  I am unable to login as casuser, which is 
>> expected.  I cannot login with any domain credentials.
>>
>> In the log I get an error:
>> 2022-02-08 15:43:49,567 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for <a username>].>
>>
>> So I tried to verify that the server can connect via LDAP:
>>
>> ldapsearch -H ldap://<ldap server ip>:389 -D "CN=cas bind,CN=Users,DC=..." -W samaccountname=<a username> -b "OU=Technology,OU=Staff,DC=..." -v
>>
>> And I receive a valid result.
>>
>> I'm not sure where the disconnect is, or what else I should search for.  
>> Any tips or suggestions that you could provide would be helpful.
>>
>> I'm attaching the output of Task :run.
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/90903bc4-fd27-4942-a4fb-5cf313e8dd08n%40apereo.org.
