CAS 6.5 ldap authentication failed

[Baba Ndiaye]

hi i install CAS 6.5 snapshot and i configure the LDAP authentication like this but i can't connexion with ldap users (ubuntu 20.04)

apt install tomcat9 tomcat9-admin tomcat9-user openjdk-11-jdk openjdk-11-jre maven build-essential git -y

echo "JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64/" >> /etc/environment

source /etc/environment

add this line /etc/default/tomcat9

JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64

add these lines /etc/tomcat9/tomcat-users.xml

<role rolename="admin-gui"/>

<user username="admin" password="passer" roles="manager-gui,admin-gui"/> 

systemctl restart tomcat9

keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore cas.keystore

complete questions...

mv cas.keystore /etc/tomcat9/

add these lines /etc/tomcat9/server.xml

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"

               maxThreads="150" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/tomcat7/cas.keystore"

               keystorePass="123456" />

service tomcat9 restart

cd /opt/

git clone https://github.com/apereo/cas-overlay-template

cd cas-overlay-template

add this line in build.gradle

dependencies {

    // Add modules in format compatible with overlay casModules property

    if (project.hasProperty("casModules")) {

        def dependencies = project.getProperty("casModules").split(",")

        dependencies.each {

            def projectsToAdd = rootProject.subprojects.findAll {project ->

                project.name == "cas-server-core-${it}" || project.name == "cas-server-support-${it}"

            }

            projectsToAdd.each {implementation it}

        }

    }

    // CAS dependencies/modules may be listed here statically...

 

//i only add this line

implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"

add these lines in cas.properties

cas.server.name=https://192.168.1.6:8443

#############mes mes ajouts##################

cas.authn.ldap[0].type=AUTHENTICATED

cas.authn.ldap[0].ldapUrl=ldap://192.168.1.6:389

cas.authn.ldap[0].baseDn=dc=retel,dc=sn

cas.authn.ldap[0].searchFilter=uid={user}

cas.authn.ldap[0].subtreeSearch=true

cas.authn.ldap[0].bindDn=cn=admin,dc=retel,dc=sn

cas.authn.ldap[0].bindCredential=passer

cas.authn.ldap[0].principalAttributeId=uid

#cas.authn.ldap[0].principalAttributePassword=password

################ fin ajout #################

cd /opt/cas-overlay-template

./gradlew clean

success

./gradlew clean copyCasConfiguration build

success

./gradlew createKeystore

success

cp /opt/cas-overlay-template/build/libs/cas.war /var/lib/tomcat9/webapps/

systemctl restart tomcat9.service

https://192.168.1.6:8443/cas i have the web interface

but connexion with ldap users failed

slapcat

617ea503 /etc/ldap/slapd.conf: line 103: rootdn is always granted unlimited privileges.

617ea503 /etc/ldap/slapd.conf: line 120: rootdn is always granted unlimited privileges.

dn: dc=retel,dc=sn

objectClass: top

objectClass: dcObject

objectClass: organization

o: retel.sn

dc: retel

structuralObjectClass: organization

entryUUID: 5d28ef16-ce92-103b-941c-010debc66135

creatorsName: cn=admin,dc=retel,dc=sn

createTimestamp: 20211031123232Z

entryCSN: 20211031123232.443947Z#000000#000#000000

modifiersName: cn=admin,dc=retel,dc=sn

modifyTimestamp: 20211031123232Z

dn: cn=admin,dc=retel,dc=sn

objectClass: simpleSecurityObject

objectClass: organizationalRole

cn: admin

description: LDAP administrator

userPassword:: e1NTSEF9bnRBeUlGVlQyYU4wSzE1cnVUZ01UMUs2TjhIcVB2VmI=

structuralObjectClass: organizationalRole

entryUUID: 5d2ae1a4-ce92-103b-941d-010debc66135

creatorsName: cn=admin,dc=retel,dc=sn

createTimestamp: 20211031123232Z

entryCSN: 20211031123232.456707Z#000000#000#000000

modifiersName: cn=admin,dc=retel,dc=sn

modifyTimestamp: 20211031123232Z

dn: ou=people,dc=retel,dc=sn

objectClass: organizationalUnit

ou: people

structuralObjectClass: organizationalUnit

entryUUID: 67503832-ce92-103b-8113-ed77ac459179

creatorsName: cn=admin,dc=retel,dc=sn

createTimestamp: 20211031123249Z

entryCSN: 20211031123249.478623Z#000000#000#000000

modifiersName: cn=admin,dc=retel,dc=sn

modifyTimestamp: 20211031123249Z

dn: ou=groups,dc=retel,dc=sn

objectClass: organizationalUnit

ou: groups

structuralObjectClass: organizationalUnit

entryUUID: 67508a6c-ce92-103b-8114-ed77ac459179

creatorsName: cn=admin,dc=retel,dc=sn

createTimestamp: 20211031123249Z

entryCSN: 20211031123249.480727Z#000000#000#000000

modifiersName: cn=admin,dc=retel,dc=sn

modifyTimestamp: 20211031123249Z

dn: uid=baba,ou=people,dc=retel,dc=sn

objectClass: inetOrgPerson

objectClass: posixAccount

objectClass: shadowAccount

cn: baba

sn: ndiaye

userPassword:: e1NTSEF9b1J6YlMwY2F6SjRwcFhPM2dzdnlGNVlQeEl3YlZqT08=

loginShell: /bin/bash

uidNumber: 2000

gidNumber: 2000

homeDirectory: /home/baba

structuralObjectClass: inetOrgPerson

uid: baba

entryUUID: 4b378286-ce97-103b-96ed-4556d95face2

creatorsName: cn=admin,dc=retel,dc=sn

createTimestamp: 20211031130749Z

entryCSN: 20211031130749.824128Z#000000#000#000000

modifiersName: cn=admin,dc=retel,dc=sn

modifyTimestamp: 20211031130749Z

root@ldap:~#

 please help