--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b258f3d5-dc2d-431f-b305-477d3ebbda26%40apereo.org.
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
I've now changed it to this:

#AD Configurations
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://alpha.beta.gamma:389
#cas.authn.ldap[0].connectionStrategy=
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].baseDn=dc=beta,dc=gamma
cas.authn.ldap[0].userFilter=cn={user}
cas.authn.ldap[0].bindDn=user@beta.gamma
cas.authn.ldap[0].bindCredential=userPassword

Still not working with the same error.
On Thursday, February 22, 2018 at 1:32:54 PM UTC-6, Kevin Liu wrote:
Hello,
I can't seem to make heads or tails of getting CAS to talk to LDAP.
I know my LDAP is working because using the following command, I can see all LDAP entries:

ldapsearch -x -h alpha.beta.gamma -D us...@beta.gamma -W -b "dc=beta,dc=gamma"

My assumption is that since these credentials are being accepted by LDAP, I just have to configure CAS to use them. Is this correct?
So far, my cas.properties contains the following:

cas.authn.ldap[0].order: 0
cas.authn.ldap[0].name: LDAP
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldap://alpha.beta.gamma:389
cas.authn.ldap[0].baseDn: dc=di2e,dc=civ

This is not working as I get a ton of errors saying that CAS has not connected to LDAP.
cn=gnarls,ou=TNSUsers,dc=tns,dc=newschool,dc=edu
cn=%s,ou=TNSUsers,dc=tns,dc=newschool,dc=edu
cas.authn.ldap[0].userFilter=cn={user}
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].userFilter=cn={user}
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].bindDn=us...@beta.gamma
cas.authn.ldap[0].bindCredential=user1Password
cas.authn.ldap[0].dnFormat=CN=User 1,OU=Test,OU=alpha,DC=beta,DC=gamma
cas.authn.ldap[0].dnFormat=CN=%s,OU=Test,OU=alpha,DC=beta,DC=gamma
Just to make sure I understand the LDAP and CAS connection properly, CAS is sending over a set of credentials to first access the LDAP, correct? Is that the bindDN and bindCredential? Does it then search through the result query for userFilter for a match?

Also, I'm a little confused about the dNFormat. I inputted directly what is the DN for user 1. However, for other users, since they belong to different OU, how do I change the code such that it becomes more versatile?

My eventual goal is for cas to authenticate users from a single OU.

Thank you all for bearing with me so far and all my questions.
On Friday, February 23, 2018 at 11:44:35 AM UTC-6, Kevin Liu wrote:
I finally got it to talk to my LDAP! I've realized I should also put that my LDAP is really a MSDN. It is in a very limited capacity though. Here is my cas.properties and I hope someone can help me figure out how to expand the scope of authentication. My apologies about the obfuscation.
#AD Configurations
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://ladpserver:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].baseDn=dc=beta,dc=gamma
cas.authn.ldap[0].userFilter=cn={user}
cas.authn.ldap[0].bindDn=user1@beta.gamma
Sorry if I get involved in the discussion, but I have the same problem.
I discovered that the property cas.authn.ldap[0].dnFormat is mandatory. However, although I have correctly provided a value for such a property, its value is always null.
I'm trying to use Active Directory as the CAS backend, but I'm getting an error saying "IllegalArgumentException: Dn format cannot be empty/blank for active directory authentication". I opened a question on stackoverflow (https://stackoverflow.com/questions/48949970/apereo-cas-activedirectory-illegalargumentexception-dn-format-cannot-be-empt).
I need to know where the @Bean AbstractLdapAuthenticationProperties is created and filled, so that (maybe) I'll be able to identify why the dnFormat is ALWAYS null, also if in cas.properties I have a correct value for cas.authn.ldap[0].dnFormat.
I'm looking for someone that can put me on the right way.
Thanks in advance for your attention.
Kind regards, Lorenzo
cas.authn.ldap[0].bindDn=us...@beta.gamma
<Property name="cas.log.level" >warn</Property>
<Property name="cas.log.level" >debug</Property>
<AsyncLogger name="org.ldaptive" level="warn" />
<AsyncLogger name="org.ldaptive" level="debug" />
<AsyncLogger name="org.apereo.cas.authentication" level="debug" includeLocation="true"/>
AD | Active Directory - Users authenticate with sAMAccountName typically using a DN format. |
So I've included an extra ldap index to get around multiple OUs. I can now authenticate users but only with their full name and not their sAMAccountName. For example, on the cas login screen, if I put my sAMAccountName kliu as the username and the associated password, I get denied but if I put Kevin Liu I can login. It doesn't seem like userFilter=sAMAccountName={name} gets used as my sAMAccountName is kliu. Maybe I don't understand userFilter completely.

Marc, what other properties did you have to add to cas.properties? Your situation sounds very similar to mine.
<SNIP>