Hi, yes it runs fine on:

- Debian 12
- Tomcat10 from distro
- openjdk 21 from download.java.net/java/GA/jdk21/...

(Just be sure to link the CA certificates file to that of the distro, something like this:

    sudo ln -s /etc/ssl/certs/java/cacerts /usr/lib/jvm/java-21-openjdk-amd64/lib/security/cacerts
)

You might turn on debug mode by editing /etc/cas/config/log4j2.xml to get errors in catalina.out (turn warn to debug).

Obviously you might also check your LDAP server and firewall logs, traffic on your net interfaces, etc.

Have you added those deps before building the cas-overlay-config clone to make it work with ldap (at the very bottom of the build.gradle file)?:

    implementation "org.apereo.cas:cas-server-support-ldap"
    implementation "org.apereo.cas:cas-server-support-ldap-core"

(Note that if you're using ldap for other purposes (AUP, surrogate ...) you'll have to add more ldap deps ...)

Have you tried ldapsearch requests thru ssl (starttls/ldaps) from the command line?

Hope it helps

On Tuesday, 25 June 2024 at 15:39:58 UTC+2, charlie derr wrote:

> Hi all,
>
> As we work on attempting to bring a CAS7 instance into production to
> replace an older version, we're finding that we're struggling with some
> basics (the previous sysadmin who did the heavy lifting in standing up that
> older version a number of years ago has moved on and is no longer part of
> our team).
>
> Is tomcat10 running on debian12 a reasonable choice to make? We use debian
> for almost all of our GNU/linux VMs now for all other server applications.
> But if CAS is just easier, more robust, and/or not as challenging to
> properly secure on RHEL9 or some other distro, we're willing to consider
> that.
>
> And on any platform, how can we enable debug-level logging? Our biggest
> challenge right at the moment is to get a new CAS7 development instance to
> talk to our test LDAP server. Success has been achieved by a colleague of
> mine when he installed both the CAS instance and a test LDAP server on the
> same VM, but we need to have the CAS server talk to an LDAP server on
> another VM for production, and we can't seem to make that happen
> (ldapsearch queries from the CAS server's bash shell to the external LDAP
> server succeed, so we don't think there are firewall/network issues causing
> problems). It'd be great if we could find a way to have verbose logging on
> the LDAP connection attempt that's failing from within CAS, catalina,
> and/or tomcat...
>
> thanks so very much in advance for whatever information you might
> have and/or pointers to specific documentation we might have missed (or not
> read thoroughly enough?),
>
> ~c
> --
> Charlie Derr Director of Instructional Technology
> Bard College at Simon's Rock https://simons-rock.edu
> Encryption key: https://hope.simons-rock.edu/~cderr/
> 413-528-7344 Pronouns: he/him/his
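Added example, not part of the original messages: ldapsearch and the JVM that runs CAS read different trust stores, so a working ldapsearch over TLS does not show that Java trusts the LDAP server's CA. The function below classifies how a JVM's cacerts file relates to the distro store named in the reply; the function name and status words are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: classify how a JVM's cacerts file relates to the distro store.
# Usage: cacerts_status <jvm cacerts path> <distro cacerts path>
# Prints one word: linked | same-content | separate | missing | dangling
cacerts_status() {
    jvm_store=$1
    distro_store=$2

    # A symlink whose target is gone leaves the JVM with no trust anchors.
    if [ -L "$jvm_store" ] && [ ! -e "$jvm_store" ]; then
        echo dangling; return 2
    fi
    if [ ! -e "$jvm_store" ] || [ ! -e "$distro_store" ]; then
        echo missing; return 2
    fi
    # Identical resolved paths mean the JVM reads the distro-managed file.
    if [ "$(readlink -f "$jvm_store")" = "$(readlink -f "$distro_store")" ]; then
        echo linked; return 0
    fi
    # A byte-identical copy works today but drifts on the next CA update.
    if cmp -s "$jvm_store" "$distro_store"; then
        echo same-content; return 0
    fi
    # The JDK still uses its bundled store; a site CA added to the distro
    # store is not trusted by CAS for ldaps/StartTLS.
    echo separate; return 1
}

# Run against the paths from the message when invoked as: script.sh check
if [ "${1:-}" = "check" ]; then
    cacerts_status /usr/lib/jvm/java-21-openjdk-amd64/lib/security/cacerts \
                   /etc/ssl/certs/java/cacerts
fi
```

A result of `separate` or `dangling` on the CAS host is worth resolving before reading further into the debug output in catalina.out.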