Another CAS 5 LDAP issue


bobbintb

Apr 10, 2017, 5:00:53 PM4/10/17
to CAS Community
I'm new to CAS and I have been trying to figure out how to get it to authenticate against LDAP. I'm on RHEL 7 with Tomcat 7 and CAS 5.0.4. I used the Maven overlay. My pom.xml has:

        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-ldap</artifactId>
            <version>5.0.4</version>
        </dependency>
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-ldap-core</artifactId>
            <version>5.0.4</version>
        </dependency>

No errors building. I didn't have the second one initially; I added it later and it made no difference.

Here is my ldap section from cas.properties:

#LDAP connection info
cas.authn.accept.users=
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://ldap.my.org:636
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=ou=cp,o=org
cas.authn.ldap[0].principalAttributeId=uid
cas.authn.ldap[0].userFilter=cn=uid
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=true
cas.authn.ldap[0].bindDn=cn=cn=Directory Manager,o=org

I just keep getting the same errors:

WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [testusername] of type [UsernamePasswordCredential], which suggests a configuration problem.>

ERROR [org.apereo.cas.web.flow.AuthenticationExceptionHandler] - <Unable to translate handler errors of the authentication exception org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes. Returning UNKNOWN by default...>

Nothing I have found has helped. I tried changing the type to DIRECT. We don't use AD so I didn't try that. Not sure if it will help. Any ideas? I'm stumped.

Nour Krichene

Apr 11, 2017, 3:39:12 AM4/11/17
to jasig-cas-user, cas-...@apereo.org, angl...@isu.edu
Hello,

It seems that some files are needed to support LDAP.

In pom.xml, add this script:

<dependency>
     <groupId>org.apereo.cas</groupId>
     <artifactId>cas-server-support-ldap</artifactId>
     <version>${cas.version}</version>
</dependency>

After the project's build, add this code to etc/cas/config/cas.properties:

cas.authn.accept.users=
cas.authn.ldap[0].type=AUTHENTICATED

cas.authn.ldap[0].ldapUrl=ldap://localhost:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDc=dc=example,dc=com
cas.authn.ldap[0].baseDn=ou=users,dc=example,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
cas.authn.ldap[0].bindCredential=**********

cas.authn.ldap[0].enhanceWithEntryResolver=false
cas.authn.ldap[0].dnFormat=uid=%s,ou=users,dc=example,dc=com
cas.authn.ldap[0].principalAttributeId=uid
cas.authn.ldap[0].principalAttributePassword=
cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true

cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600

cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000
cas.authn.ldap[0].allowMultipleDns=false

cas.authn.ldap[0].passwordEncoder.type=NONE
cas.authn.ldap[0].principalTransformation.suffix=
cas.authn.ldap[0].principalTransformation.caseConversion=NONE
cas.authn.ldap[0].principalTransformation.prefix=
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bcdf6bd8-ba0e-4587-bdd7-1b56d2bf49af%40apereo.org.

bobbintb

Apr 11, 2017, 1:25:22 PM4/11/17
to CAS Community, jasig-c...@googlegroups.com, angl...@isu.edu
Same thing. I already had the dependency in pom.xml, and most of those LDAP settings. I added all the extra ones you mentioned but it didn't change anything. I don't get it. I'm obviously missing something, but as near as I can tell I have all the prerequisites mentioned in the documentation.

Paul Mitchell

Apr 11, 2017, 3:49:19 PM4/11/17
to cas-...@apereo.org
Your bindDn is wrong, at least in what you've pasted above: "cas.authn.ldap[0].bindDn=cn=cn=Directory Manager,o=org". You look to have an extra cn= in there.

Paul.

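The doubled cn= that Paul spotted is the kind of typo that produces exactly the "0 errors, 0 successes" symptom, because the bind fails before any credential is evaluated. Below is an added example (not CAS code, not from any poster) of a small pre-flight check for the cas.authn.ldap[N].* block: it splits bindDn and baseDn into RDNs and flags any RDN whose value itself starts with attr=, and it warns when an AUTHENTICATED entry's userFilter lacks the {user} placeholder (the uid={user} form used in Nour's reply). The property sample is constructed from the original post.

```python
import re

# Constructed sample mirroring the LDAP section from the original post; the
# malformed bindDn (cn=cn=Directory Manager,o=org) is left exactly as posted.
SAMPLE_PROPERTIES = """\
#LDAP connection info
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://ldap.my.org:636
cas.authn.ldap[0].baseDn=ou=cp,o=org
cas.authn.ldap[0].userFilter=cn=uid
cas.authn.ldap[0].bindDn=cn=cn=Directory Manager,o=org
"""

# attributeType=value, as in RFC 4514 (attribute types: letters, digits, hyphen)
ATTR_ASSIGN = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)=(.*)$")

def dn_problems(dn):
    """Return human-readable problems found in a DN string (empty if none)."""
    problems = []
    # Split on commas that are not backslash-escaped (RFC 4514 escaping).
    for rdn in (r.strip() for r in re.split(r"(?<!\\),", dn)):
        m = ATTR_ASSIGN.match(rdn)
        if not m:
            problems.append(f"RDN {rdn!r} is not of the form attr=value")
            continue
        _attr, value = m.groups()
        # A value that itself starts with 'attr=' almost always means a
        # duplicated prefix, e.g. cn=cn=Directory Manager.
        if ATTR_ASSIGN.match(value):
            problems.append(f"RDN {rdn!r} has a doubled attribute prefix")
    return problems

def check_ldap_properties(text, index=0):
    """Collect problems in the cas.authn.ldap[index].* block of a properties text."""
    prefix = f"cas.authn.ldap[{index}]."
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(prefix) and "=" in line:
            key, _, value = line.partition("=")   # split on the first '=' only
            props[key[len(prefix):]] = value.strip()
    findings = {k: dn_problems(props[k]) for k in ("bindDn", "baseDn") if k in props}
    # AUTHENTICATED mode searches for the user first, so the filter needs the
    # {user} placeholder (assumed here from the uid={user} form in the thread).
    flt = props.get("userFilter", "")
    if props.get("type") == "AUTHENTICATED" and "{user}" not in flt:
        findings["userFilter"] = [f"{flt!r} lacks the {{user}} placeholder"]
    return {k: v for k, v in findings.items() if v}

if __name__ == "__main__":
    for key, probs in check_ldap_properties(SAMPLE_PROPERTIES).items():
        print(key, "->", "; ".join(probs))
```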

bobbintb

Apr 12, 2017, 3:18:10 PM4/12/17
to CAS Community
Thank you. That was the issue, for the most part. I had some other issues as well but that was the one that was causing this particular problem. Don't know how I missed that.