CAS connect active directory
77 views
Skip to first unread message
cheekian yap
Dec 17, 2020, 8:46:24 AM12/17/20
to CAS Community
Hi,
CAS 6.2.6
I'm trying to connect AD but to no success. Below is my configuration:
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldap-url=ldap://xxxxx:389
cas.authn.ldap[0].connect-timeout=PT5S
cas.authn.ldap[0].base-dn=OU=test-ou,DC=test,DC=com
cas.authn.ldap[0].use-start-tls=false
cas.authn.ldap[0].bind-dn=CN=yap,CN=Users,DC=yap,DC=com
cas.authn.ldap[0].bind-credential="xxxx"
cas.authn.ldap[0].dn-format=%s...@yap.com
cas.authn.ldap[0].principal-attribute-id=sAMAccountName
cas.authn.ldap[0].principal-attribute-password=
cas.authn.ldap[0].principal-attribute-list=sAMAccountName,sn,cn,givenName,displayName
cas.authn.ldap[0].fail-fast=false
The error message is saying something wrong with my config but I couldn't figure it out
2020-12-17 13:42:33,109 ERROR [org.ldaptive.PooledConnectionFactory] - <[org.ldaptive.PooledConnectionFactory@1671900358::name=null, minPoolSize=3, maxPoolSize=10, validateOnCheckIn=false, validateOnCheckOut=true, validatePeriodically=true, activator=org.ldaptive.pool.AbstractConnectionPool$$Lambda$961/0x00000008408fb440@5d93ff21, passivator=[org.ldaptive.pool.BindConnectionPassivator@1639778373::bindRequest=org.ldaptive.SimpleBindRequest@217024605::controls=null, dn=CN=yap,CN=Users,DC=yap,DC=com], validator=[org.ldaptive.SearchConnectionValidator@903086943::validatePeriod=PT5M, validateTimeout=PT5S, searchRequest=org.ldaptive.SearchRequest@284170226::controls=null, dn=, scope=OBJECT, aliases=NEVER, sizeLimit=1, timeLimit=PT0S, typesOnly=false, filter=org.ldaptive.filter.PresenceFilter@b262ac96, returnAttributes=[1.1], binaryAttributes=null], pruneStrategy=[org.ldaptive.pool.IdlePruneStrategy@1867499583::prunePeriod=PT2H, idleTime=PT10M], connectOnCreate=true, connectionFactory=[org.ldaptive.DefaultConnectionFactory@1723402931::transport=[org.ldaptive.transport.netty.ConnectionFactoryTransport@384097113::channelType=class io.netty.channel.epoll.EpollSocketChannel, ioWorkerGroup=io.netty.channel.epoll.EpollEventLoopGroup@33fec21, messageWorkerGroup=null, shutdownOnClose=true], config=[org.ldaptive.ConnectionConfig@1416852258::ldapUrl=ldap://35.194.212.190:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$957/0x00000008408fa440@5a8b42a3, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1457162311::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@7323c38c, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=[org.ldaptive.BindConnectionInitializer@661941342::bindDn=CN=yap,CN=Users,DC=yap,DC=com, bindSaslConfig=null, bindControls=null], connectionStrategy=org.ldaptive.ActivePassiveConnectionStrategy@2c02a007, connectionValidator=null, transportOptions={}]], failFastInitialize=false, initialized=true, availableCount=0, activeCount=0, blockWaitTime=PT3S] unable to open connection for pooling>
org.ldaptive.ConnectException: Connection initializer org.ldaptive.BindConnectionInitializer@661941342::bindDn=CN=yap,CN=Users,DC=yap,DC=com, bindSaslConfig=null, bindControls=null returned response: org.ldaptive.BindResponse@-1978869692::messageID=1, controls=[], resultCode=INVALID_CREDENTIALS, matchedDN=, diagnosticMessage=80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839, referralURLs=[] for URL [org.ldaptive.LdapURL@-2057272632::scheme=ldap, hostname=35.194.212.190, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]
cheekian yap
Dec 17, 2020, 8:50:54 AM12/17/20
to CAS Community, cheekian yap
The exception that comes is saying INVALID_CREDENTIALS. Are the following properties contribute to the exception?
cas.authn.ldap[0].bind-dn=CN=yap,CN=Users,DC=yap,DC=com
cas.authn.ldap[0].bind-credential="xxxx"
cheekian yap 在 2020年12月17日 星期四下午9:46:24 [UTC+8] 的信中寫道:
Daniel Fisher
Dec 17, 2020, 9:41:24 AM12/17/20
to cas-...@apereo.org
On Thu, Dec 17, 2020 at 8:51 AM cheekian yap <yap.s...@gmail.com> wrote:
The exception that comes is saying INVALID_CREDENTIALS. Are the following properties contribute to the exception?cas.authn.ldap[0].bind-dn=CN=yap,CN=Users,DC=yap,DC=comcas.authn.ldap[0].bind-credential="xxxx"
Yes. Try removing the double quotes from the bind-credential property.
--Daniel Fisher
Reply all
Reply to author
Forward
0 new messages