Re: [cas-user] LDAP and CAS 5


Jason Hitt

Apr 10, 2017, 11:12:34 AM
to cas-...@apereo.org
I believe the AD authentication only works with the dnFormat option.  The following is all we configured to use AD LDAP authentication:

cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldaps://example.org
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].dnFormat=%s...@example.org


On Wed, Jan 25, 2017 at 1:12 PM, Thiago Fernandes do Nascimento <thiagofe...@gmail.com> wrote:
Hi,

   Can someone help with the CAS LDAP configuration? I want to configure an LDAP server and I received this error:

WHO: thiago.nascimento
WHAT: Supplied credentials: [thiago.nascimento]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed Jan 25 17:03:11 BRST 2017
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2017-01-25 17:03:11,857 ERROR [org.apereo.cas.web.flow.AuthenticationExceptionHandler] - <Unable to translate handler errors of
the authentication exception org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes. Returning UNKNOWN by
default...>

my cas.properties

cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://myserver:389
cas.authn.ldap[0].useSsl=false
#cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=cn=Users,dc=cobra,dc=com,dc=br
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].bindDn=thiago.nasc...@cobra.com.br
cas.authn.ldap[0].bindCredential=oct24JESUS

# cas.authn.ldap[0].enhanceWithEntryResolver=true
# cas.authn.ldap[0].dnFormat=uid=%s,ou=people,dc=example,dc=org
cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].principalAttributePassword=oct24JESUS
cas.authn.ldap[0].principalAttributeList=sn,cn,givenName,sAMAccountName
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].additionalAttributes=numbleOf
# cas.authn.ldap[0].credentialCriteria=

# cas.authn.ldap[0].saslMechanism=GSSAPI|DIGEST_MD5|CRAM_MD5|EXTERNAL
# cas.authn.ldap[0].saslRealm=EXAMPLE.COM
# cas.authn.ldap[0].saslAuthorizationId=
# cas.authn.ldap[0].saslMutualAuth=
# cas.authn.ldap[0].saslQualityOfProtection=
# cas.authn.ldap[0].saslSecurityStrength=

# cas.authn.ldap[0].trustCertificates=
# cas.authn.ldap[0].keystore=
# cas.authn.ldap[0].keystorePassword=
# cas.authn.ldap[0].keystoreType=JKS|JCEKS|PKCS12

cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600

#cas.authn.ldap[0].failFast=true
#cas.authn.ldap[0].idleTime=5000
#cas.authn.ldap[0].prunePeriod=5000
#cas.authn.ldap[0].blockWaitTime=5000

#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
#cas.authn.ldap[0].allowMultipleDns=false

# cas.authn.ldap[0].passwordEncoder.type=NONE|DEFAULT|STANDARD|BCRYPT
# cas.authn.ldap[0].passwordEncoder.characterEncoding=
# cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=
# cas.authn.ldap[0].passwordEncoder.secret=
# cas.authn.ldap[0].passwordEncoder.strength=16

# cas.authn.ldap[0].principalTransformation.suffix=
# cas.authn.ldap[0].principalTransformation.caseConversion=NONE|UPPERCASE|LOWERCASE
# cas.authn.ldap[0].principalTransformation.prefix=

# cas.authn.ldap[0].passwordPolicy.enabled=true
# cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
# cas.authn.ldap[0].passwordPolicy.loginFailures=5
# cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
# cas.authn.ldap[0].passwordPolicy.warningAttributeName=
# cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
# cas.authn.ldap[0].passwordPolicy.warnAll=true
# cas.authn.ldap[0].passwordPolicy.warningDays=30
# cas.authn.ldap[0].passwordPolicy.url=https://password.example.edu/change

thanks!

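A check a reviewer could run over configurations like the two quoted above, as an added example that is not part of the thread or the CAS project: it parses the cas.authn.ldap[N].* keys and flags an ldap:// URL without useStartTls=true (the bind password then crosses the network unencrypted), a bindCredential stored inline, and, following the first reply, type=AD with no dnFormat. The sample values and the finding names are constructed for illustration.

```python
import re

# Constructed sample modelled on the two configurations quoted in this thread;
# host names, account names and the credential placeholder are invented.
SAMPLE = """\
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://myserver:389
cas.authn.ldap[0].useSsl=false
#cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].bindDn=svc-cas@corp.example
cas.authn.ldap[0].bindCredential=PLACEHOLDER-NOT-A-REAL-SECRET
cas.authn.ldap[1].type=AD
cas.authn.ldap[1].ldapUrl=ldaps://corp.example
cas.authn.ldap[1].dnFormat=%s@corp.example
"""

# Matches only active keys; commented-out lines start with '#' and are skipped.
KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.([\w.]+)\s*=\s*(.*)$")


def parse(text):
    """Group active cas.authn.ldap[N].* keys by handler index N."""
    handlers = {}
    for line in text.splitlines():
        m = KEY.match(line.strip())
        if m:
            handlers.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return handlers


def audit(text):
    """Return (handler index, finding) pairs, ordered by handler index."""
    findings = []
    for idx, h in sorted(parse(text).items()):
        url = h.get("ldapUrl", "").lower()
        starttls = h.get("useStartTls", "false").lower() == "true"
        if url.startswith("ldap://") and not starttls:
            findings.append((idx, "cleartext-bind"))          # no TLS on the bind
        if h.get("bindCredential"):
            findings.append((idx, "inline-bind-credential"))  # secret in the file
        if h.get("type", "").upper() == "AD" and not h.get("dnFormat"):
            findings.append((idx, "ad-without-dnformat"))     # per the first reply
    return findings


if __name__ == "__main__":
    for idx, finding in audit(SAMPLE):
        print(f"ldap[{idx}]: {finding}")
```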

Nour Krichene

Apr 10, 2017, 5:13:32 PM
to jasig-cas-user, cas-...@apereo.org, thiagofe...@gmail.com
Hello
Did you verify your credentials?

Vibhor Sharma

Apr 21, 2017, 8:37:08 AM
to CAS Community
Try to change the following setting:
cas.authn.ldap[0].type=AUTHENTICATED