Password Management multiple ldap backends
76 views
Skip to first unread message
Timothy Hansen
Feb 6, 2024, 9:51:40 PM2/6/24
to CAS Community
We currently have CAS configured to authenticate against two different ldap directories with openLDAP taking priority but with Active Directory as a fallback. For example:
cas.authn.ldap[0].order=0
cas.authn.ldap[1].order=1
etc...
When I try to replicate this with cas.authn.pm.ldap[0].etc... and cas.authn.pm.ldap[1].etc... configs I get:
java.lang.RuntimeException: jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.pm.web.flow.actions.SendPasswordResetInstructionsAction@321668ff in state 'sendPasswordResetInstructions' of flow 'login' -- action execution attributes were 'map[[empty]]'
java.lang.RuntimeException: jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.pm.web.flow.actions.SendPasswordResetInstructionsAction@321668ff in state 'sendPasswordResetInstructions' of flow 'login' -- action execution attributes were 'map[[empty]]'
I can comment out one or the other and successfully reset my password in one of the two ldap directories but adding in both causes the error. Is password management only supported for one configured ldap directory? The goal is for the accounts and passwords to be the same in both?
On a separate note I tried joining the apereo slack server but our @apu.edu needs to be registered first? Is someone able to add me to that or is that slack instance not really used?
atilling
Feb 14, 2024, 1:42:29 PM2/14/24
to CAS Community, Timothy Hansen
We only do password management against on ldap and then use a sync on the backend to keep the two LDAP servers in sync for passwords.
Reply all
Reply to author
Forward
0 new messages