CAS and LDAP connection


azer tyuiop

May 20, 2023, 11:59:55 PM5/20/23
to CAS Community
Hello, how do I connect CAS to LDAP?

I implemented openLdap in order to install CAS, then I created the file cas.properties in cas-overlay-template/etc/cas/config/,

because in this folder, after the installation of CAS, I did not find the file "cas.properties", which should normally be in the folder cas-overlay-template/etc/cas/config.

I recompiled and then deployed CAS, but I still get the error attached.

Here are the contents of the "cas.properties" file I created in cas-overlay-template/etc/cas/config:

cas.server.name=http://acsi.cg:8443
cas.server.prefix=${cas.server.name}/cas
logging.config: file:/etc/cas/config/log4j2.xml


cas.authn.accept.users=
### LDAP connection
#cas.authn.ldap\[0\].providerClass=org.ldaptive.provider.unboundid.UnboundIDPro>
cas.authn.ldap[0].type=AUTHENTICATED
#cas.authn.ldap\[0\].useSsl=false
cas.authn.ldap[0].ldap-url=ldap://acsi.cg:389
cas.authn.ldap[0].base-dn= subtreeA,dc=acsi,dc=cg|subtreeC,dc=acsi,dc=cg
cas.authn.ldap[0].password-encoder.type=NONE
cas.authn.ldap[0].search-filter={user}
#cas.authn.ldap\[0].subtreeSearch=true
#cas.authn.ldap\[0].principalAttributeList=cn,givenName,mail


### Credential to connect to LDAP
cas.authn.ldap[0].bind-dn=admincas,CN=admincas,DC= acsi,DC=cg
cas.authn.ldap[0].bind-credential=@Debian453


As a reminder, I use:
openLdap, ldap account manager, jdk-17, tomcat 10 and cas-overlay-template 6.6.7


I'm looking forward to your help, thanks in advance!



Eugene Willis

May 21, 2023, 9:28:18 AM5/21/23
to cas-...@apereo.org
You may need to add your LDAP information and passwords to your cas.properties. And server information (domain /AD/LDAP) so it can reference it within the cas.properties.

Eugene Willis Jr.
Post Creative strategist 
(P.C.S.)
BlackNerdNinja 
IndieboxKart Media
Gogotechsupport 

BlackNerdNinja.com

#Nerd #goninjago


On May 20, 2023, at 11:59 PM, azer tyuiop <tyuio...@gmail.com> wrote:

Hello, how to connect CAS to LDAP

Ray Bon

May 23, 2023, 1:08:03 PM5/23/23
to cas-...@apereo.org
azer,

Can you connect to your LDAP server from the computer running CAS, using the command line or a GUI and the same connection parameters?

Turn up logging for ldap.

Ray

P.S. here are some ldap related logs I have used


<AsyncLogger name="org.ldaptive" level="${sys:ldap.log.level}" includeLocation="true" />
<!-- TODO: investigate: DEBUG 'Operation exception encountered, reopening connection' -->
<AsyncLogger name="org.ldaptive.AbstractOperation" level="error" additivity="false" />
<AsyncLogger name="org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler" level="error" additivity="false" />
<AsyncLogger name="org.ldaptive.BindOperation" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.SearchOperation" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.PooledConnectionFactory" level="warn" additivity="false" />
<!-- INFO Authentication failed for dn: ...
DEBUG prints failed log in error reason (among other ldap connection details) -->
<!-- <AsyncLogger name="org.ldaptive.auth" level="debug" additivity="false" /> -->
<AsyncLogger name="org.ldaptive.pool.BlockingConnectionPool" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.ssl.AggregateTrustManager" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.ssl.DefaultHostnameVerifier" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.ssl.HostnameVerifyingTrustManager" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.transport.DefaultSearchOperationHandle" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.transport.netty.MessageFrameDecoder" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.transport.netty.NettyConnection" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.transport.netty.NettyConnection$BindOperationHandle" level="warn" additivity="false" />
<AsyncLogger name="org.ldaptive.transport.netty.NettyConnection$RequestEncoder" level="warn" additivity="false" />


Coeurcy Mokoko

May 26, 2023, 5:22:03 AM5/26/23
to CAS Community, Ray Bon

Yes, I manage to connect from the command line with the same parameters, but when I try to authenticate to cas with the same login and password, it doesn't work!

Ray Bon

May 26, 2023, 12:44:52 PM5/26/23
to cas-...@apereo.org, coeurcym...@gmail.com
Coeurcy,

The ldap loggers from my previous email should help with debugging the problem.
Do you have access to the ldap server logs? 

Is your ldap case sensitive (you have 'dc' and 'DC')?

Is there a class identifier missing in bind-dn?

Ray

Coeurcy Mokoko

May 26, 2023, 2:53:15 PM5/26/23
to CAS Community, Ray Bon, Coeurcy Mokoko
Ray,

In relation to what you said, I've made some modifications to "cas.properties" above, but I still get "username/password incorrect". As far as LDAP is concerned, I can't find or access its logs, and it is case sensitive.

My new cas.properties:
logging.config=file:/etc/cas/config/log4j2.xml

cas.authn.accept.users=
### LDAP connection
cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvid>
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].ldapUrl=ldap://acsi.cg:389
cas.authn.ldap[0].baseDn=dc=acsi,dc=cg
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
# cas.authn.ldap[0].principalAttributeList=cn,givenName,mail

# Credential to connect to LDAP
cas.authn.ldap[0].bindDn=cn=admin,dc=acsi,dc=cg
cas.authn.ldap[0].bindCredential=@Debian453

Coeurcy Mokoko

May 26, 2023, 3:07:29 PM5/26/23
to CAS Community, Coeurcy Mokoko, Ray Bon, Coeurcy Mokoko

NB: I have now been able to raise the notification mentioned in my first email above, but I am unable to log in to the CAS server with username: admin, password: @Debian453, configured in cas.properties, which is my LDAP user.

Ray Bon

May 26, 2023, 3:31:50 PM5/26/23
to cas-...@apereo.org, coeurcym...@gmail.com
Coeurcy,

What do cas logs say about the ldap search (on debug or trace)?

Is sAMAccountName the/an attribute in the search tree? You are using cn in the bind.

Ray
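The checks Ray asks about (a bind-dn RDN without an attribute type, whitespace inside a DN, a search filter with no attribute in front of {user}, sAMAccountName used against a non-AD directory) can be run against the properties file before touching CAS. The following Python lint is an added example, not code from the thread or from CAS; the sample is the first cas.properties posted above with the bind password replaced by a placeholder, and it accepts both the kebab-case and camelCase key spellings used in the thread.

```python
import re

# Constructed sample: the first cas.properties from the thread, password replaced.
SAMPLE = """\
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldap-url=ldap://acsi.cg:389
cas.authn.ldap[0].base-dn= subtreeA,dc=acsi,dc=cg|subtreeC,dc=acsi,dc=cg
cas.authn.ldap[0].search-filter={user}
cas.authn.ldap[0].bind-dn=admincas,CN=admincas,DC= acsi,DC=cg
cas.authn.ldap[0].bind-credential=PLACEHOLDER
"""

def parse_properties(text):
    """Minimal key=value parser for a .properties file; comments and blanks skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def check_dn(name, dn):
    """Every RDN of a DN must look like attr=value (RFC 4514); report deviations."""
    if not dn:
        return [f"{name}: missing"]
    findings = []
    for rdn in (r.strip() for r in dn.split(",")):
        if "=" not in rdn:
            findings.append(f"{name}: '{rdn}' has no attribute type (expected attr=value)")
        elif re.search(r"\s=|=\s", rdn):
            findings.append(f"{name}: '{rdn}' has whitespace around '='")
    return findings

def lint(text, prefix="cas.authn.ldap[0]."):
    """Return human-readable findings for one CAS LDAP authentication block."""
    # Normalise keys so base-dn, baseDn and basedn all resolve to the same entry.
    props = {k.replace("-", "").lower(): v for k, v in parse_properties(text).items()}
    get = lambda k: props.get((prefix + k).replace("-", "").lower(), "")
    findings = []
    for base in get("base-dn").split("|"):  # CAS allows several base DNs separated by '|'
        findings += check_dn("base-dn", base)
    findings += check_dn("bind-dn", get("bind-dn"))
    flt = get("search-filter")
    if "{user}" not in flt:
        findings.append("search-filter: must contain {user}")
    elif not re.search(r"\w+=.*\{user\}", flt):
        findings.append("search-filter: '{user}' needs an attribute in front, e.g. uid={user}")
    if "sAMAccountName" in flt:
        findings.append("search-filter: sAMAccountName is an Active Directory attribute; OpenLDAP users usually carry uid or cn")
    if not get("bind-credential"):
        findings.append("bind-credential: empty, but type AUTHENTICATED needs a bind account")
    return findings
```

Run `lint(open("/etc/cas/config/cas.properties").read())` on the deployed file; an empty list means the DNs and filter are at least well-formed, after which the ldaptive loggers Ray listed show what the directory actually answers.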