Re: [cas-user] Another CAS 5 and LDAP issue.


Nour Krichene

Apr 11, 2017, 5:28:57 AM
to jasig-cas-user, cas-...@apereo.org, angl...@isu.edu
Hello,

It seems that some files are needed to support LDAP.


In pom.xml, add this script:


<dependency>
     <groupId>org.apereo.cas</groupId>
     <artifactId>cas-server-support-ldap</artifactId>
     <version>${cas.version}</version>
</dependency>

After the project's build, add this code to etc/cas/config/cas.properties:

cas.authn.accept.users=
cas.authn.ldap[0].type=AUTHENTICATED

cas.authn.ldap[0].ldapUrl=ldap://localhost:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDc=dc=example,dc=com
cas.authn.ldap[0].baseDn=ou=users,dc=example,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
cas.authn.ldap[0].bindCredential=**********

cas.authn.ldap[0].enhanceWithEntryResolver=false
cas.authn.ldap[0].dnFormat=uid=%s,ou=users,dc=example,dc=com
cas.authn.ldap[0].principalAttributeId=uid
cas.authn.ldap[0].principalAttributePassword=
cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true

cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600

cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000
cas.authn.ldap[0].allowMultipleDns=false

cas.authn.ldap[0].passwordEncoder.type=NONE
cas.authn.ldap[0].principalTransformation.suffix=
cas.authn.ldap[0].principalTransformation.caseConversion=NONE
cas.authn.ldap[0].principalTransformation.prefix=

On Monday, April 10, 2017 at 10:57:11 PM UTC+2, bobbintb wrote:
I'm new to CAS and I have been trying to figure out how to get it to authenticate against LDAP. I'm on RHEL 7 with Tomcat 7 and CAS 5.0.4. I used the Maven overlay. My pom.xml has:

        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-ldap</artifactId>
            <version>5.0.4</version>
        </dependency>
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-ldap-core</artifactId>
            <version>5.0.4</version>
        </dependency>

No errors building. I didn't have the second one initially. I added it later and it made no difference.


Here is my ldap section from cas.properties:



#LDAP connection info
cas.authn.accept.users=
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://ldap.my.org:636
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=ou=cp,o=org
cas.authn.ldap[0].principalAttributeId=uid
cas.authn.ldap[0].userFilter=cn=uid
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=true
cas.authn.ldap[0].bindDn=cn=cn=Directory Manager,o=org

I just keep getting the same error:

ERROR [org.apereo.cas.web.flow.AuthenticationExceptionHandler] - <Unable to translate handler errors of the authentication exception org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes. Returning UNKNOWN by default...>

Nothing I have found has helped. I tried changing the type to DIRECT. We don't use AD so I didn't try that. Not sure if it will help. Any ideas? I'm stumped.

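An added example, not part of the original thread or of the CAS project: a small Python linter run over trimmed, constructed copies of the two LDAP sections above. It flags an `ldap://` URL without StartTLS (cleartext bind), a `userFilter` with no `{user}` placeholder, an AUTHENTICATED handler lacking `bindDn` or `bindCredential`, and a doubled attribute type in `bindDn`; the finding names and heuristics are assumptions of this example, not CAS output.

```python
import re

# Constructed inputs: trimmed copies of the two cas.properties LDAP sections on this page.
QUESTION = """\
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://ldap.my.org:636
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].userFilter=cn=uid
cas.authn.ldap[0].bindDn=cn=cn=Directory Manager,o=org
"""
REPLY = """\
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://localhost:389
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
cas.authn.ldap[0].bindCredential=**********
"""

def parse_ldap(text, index=0):
    """Collect cas.authn.ldap[index].* settings, splitting on the first '=' only."""
    prefix = f"cas.authn.ldap[{index}]."
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(prefix) and "=" in line:
            key, value = line[len(prefix):].split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return sorted finding codes; the code names are hypothetical, not CAS output."""
    findings = set()
    start_tls = props.get("useStartTls", "false").lower() == "true"
    if props.get("ldapUrl", "").lower().startswith("ldap://") and not start_tls:
        findings.add("CLEARTEXT_BIND")  # bind DN and user passwords sent unencrypted
    if "{user}" not in props.get("userFilter", ""):
        findings.add("FILTER_NO_PLACEHOLDER")  # filter never contains the login name
    if props.get("type", "").upper() == "AUTHENTICATED" and not (
            props.get("bindDn") and props.get("bindCredential")):
        findings.add("MISSING_BIND_CREDENTIAL")  # manager bind cannot succeed
    # Heuristic: an RDN value that itself starts with "attr=" (e.g. "cn=cn=...").
    for rdn in re.split(r"(?<!\\),", props.get("bindDn", "")):
        if re.match(r"\s*[A-Za-z][\w-]*=[A-Za-z][\w-]*=", rdn):
            findings.add("SUSPICIOUS_BIND_DN")
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("question", QUESTION), ("reply", REPLY)):
        print(name, lint(parse_ldap(text)))
```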