CAS 5.3.0-RC2 LDAP Authentication and cas.authn.ldap[0].userFilter property


Darin T. Russell

Mar 26, 2018, 10:29:17 PM
to cas-...@apereo.org
Hello All

I've been running CAS 5.2.4-SNAPSHOT using LDAP authentication with no problems. When I try to use CAS 5.3.0-RC2 I get errors with my

cas.authn.ldap[0].userFilter=cn={user}

property. When I have it in my cas.properties file, CAS exits with the following error on startup -

2018-03-27 00:59:53,803 WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casBeanValidationPostProcessor' defined in class path resource [org/apereo/cas/config/CasCoreUtilConfiguration.class]: BeanPostProcessor before instantiation of bean failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'casCoreTicketsConfiguration': Unsatisfied dependency expressed through field 'casProperties'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'cas-org.apereo.cas.configuration.CasConfigurationProperties': Could not bind properties to CasConfigurationProperties (prefix=cas, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.boot.bind.RelaxedBindingNotWritablePropertyException: Failed to bind 'cas.authn.ldap[0].userFilter' from 'applicationProfilesProperties' to 'authn.ldap[0].userFilter' property on 'org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties'>

If I comment the property out, CAS gets to the point of trying to initialize my direct bind to the LDAP server, but then stops with this error -

2018-03-27 01:22:16,484 WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationTransactionManager' defined in class path resource [org/apereo/cas/config/CasCoreAuthenticationConfiguration.class]: Unsatisfied dependency expressed through method 'authenticationTransactionManager' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'casAuthenticationManager' defined in class path resource [org/apereo/cas/config/CasCoreAuthenticationConfiguration.class]: Unsatisfied dependency expressed through method 'casAuthenticationManager' parameter 2; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationEventExecutionPlan' defined in class path resource [org/apereo/cas/config/CasCoreAuthenticationConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.authentication.AuthenticationEventExecutionPlan]: Factory method 'authenticationEventExecutionPlan' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthenticationHandlers' defined in class path resource [org/apereo/cas/config/LdapAuthenticationConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [java.util.Collection]: Factory method 'ldapAuthenticationHandlers' threw exception; nested exception is java.lang.IllegalArgumentException: To create a search entry resolver, user filter cannot be empty/blank>

I know CAS 5.3.0 has made changes to configuration binding behaviour, and I have found and made some changes to my cas.properties, but I can't work this one out. I've searched through the current Development docs, but can't find any reference to cas.authn.ldap[0].userFilter anywhere! Has it been changed, and I am missing the new name, or is this a bug? I am at a loss.

Thanks in advance
Darin

Darin Russell
Assistant Manager Information Technology - Moore Theological College


Phone: +61 2 9577 9893
Address: 1 King Street, Newtown NSW 2042 Australia | Web: www.moore.edu.au |
CRICOS Provider Code: 00682B

Important Notice: This email is for the named recipient only.  Its contents are confidential and may contain legally privileged information.  The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden.  If you receive this email in error, please contact the sender immediately and delete the email and all attachments from your system. This email is subject to copyright. Copyright: Moore Theological College Council.

David Curry

Mar 27, 2018, 7:54:34 AM
to cas-...@apereo.org
The userFilter attribute was renamed to searchFilter in 5.3.0-RC1. It was documented in the "feature release" blog post for that release candidate, here:


The feature release blog posts are an excellent source of information about what's new and changed from release to release; they should be on everyone's "must read" list.

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728
david...@newschool.edu

The New School



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/HK2PR0601MB1827C7EE71F98711A0CECF10DCAC0%40HK2PR0601MB1827.apcprd06.prod.outlook.com.

Darin T. Russell

Mar 28, 2018, 3:15:07 PM
to cas-...@apereo.org

Thanks Dave!

I went through RC2 with a fine tooth comb but must have missed it in RC1!

PS. Let me add my thanks to the chorus of appreciation for your documentation.

Cheers
Darin

 


Curtis Ruck

Jul 13, 2018, 2:33:39 PM
to cas-...@apereo.org
The searchFilter property doesn't appear to be documented in CAS Properties html anywhere.  Just ran into the same issue.
--
Curtis



David Curry

Jul 13, 2018, 2:45:40 PM
to cas-...@apereo.org



Sudhan Samyraj

Nov 26, 2018, 12:48:45 PM
to CAS Community
Hi, can anyone please advise me on the issue below?

I have synced Moodle and AD, and that is working fine for me. I have also synced AD and CAS, but it is not considering the sAMAccountName.

It lets me log in only with the display name. Please share any configuration for common attributes between sAMAccountName / userPrincipalName and CAS.

Regards,
S.Sudhanraj

Ray Bon

Nov 26, 2018, 12:56:44 PM
to cas-...@apereo.org

Sudhan Samyraj

Nov 26, 2018, 1:30:59 PM
to cas-...@apereo.org
Hi Ray,

The forum is very helpful for me, but my issue was not fixed.

By using this, cas.authn.ldap[0].userFilter: sAMAccountName={user}, I am getting a login error.

Can I share my cas.properties file? Please help me to sort it out.



David Curry

Nov 26, 2018, 1:59:34 PM
to cas-...@apereo.org
What version of CAS are you using?
What "login error" are you getting (include the actual text of the error)?
Do you see any errors in your log file(s) about it? If so, what are they (copy and paste relevant lines)?
Have you tried turning on debug-level logging? Did it tell you anything? If so, what (copy and paste relevant lines)?
Please do share your cas.properties, at least the LDAP-related bits, so we can see what you're doing.

I'm guessing, since you say you're getting a login error rather than a startup error, that you're not experiencing the same issue as the original poster was, so I'm a little unclear as to why you're posting in this thread instead of starting a new one? (If you are having the same issue as the original poster, the answer to that problem is in the second post in this thread.)


Sudhan Samyraj

Nov 27, 2018, 1:53:56 AM
to cas-...@apereo.org
Hi David,

I will describe my problem clearly; please help me to sort it out. When the user logs in with the userPrincipalName, it logs me in fine.

Once I tick the "user must change password at next login" checkbox in AD, the user is not able to log in to CAS.

Regards,

matrix

Nov 27, 2018, 4:28:01 AM
to cas-...@apereo.org
Which CAS version are you using?

Sudhan Samyraj

Nov 27, 2018, 5:54:02 AM
to cas-...@apereo.org
I am using CAS 5.3.2. Please help me with "user change password on next login".

If I tick that checkbox, I am not able to log in to CAS.

matrix

Nov 27, 2018, 6:35:53 AM
to cas-...@apereo.org
Change this property: cas.authn.ldap[0].userFilter:sAMAccountName={user}

to cas.authn.ldap[0].searchFilter=sAMAccountName={user}

userFilter was changed to searchFilter in version 5.3 and later.



--
-Fazla.
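
The rename described in this thread (userFilter to searchFilter, per the second post and the post above) can be checked before an upgrade. The following is an added example, not part of the thread and not CAS project code: the function name `migrate` and the sample file are constructed for illustration, and the "blank-filter" finding is modelled on the second startup error quoted in the first post.

```python
import re

LEGACY, CURRENT = "userFilter", "searchFilter"  # rename stated in the thread

# Java .properties line: key, then '=', ':' or whitespace, then the value.
# Lines starting with '#' or '!' are comments and never match this pattern.
_KEY = re.compile(
    r"^(\s*)cas\.authn\.ldap\[(\d+)\]\.([A-Za-z0-9_.\-\[\]]+)"
    r"(\s*[=:]\s*|\s+)(.*)$"
)

# Constructed sample, not taken from any real deployment.
SAMPLE = """\
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://ldap.example.org
cas.authn.ldap[0].userFilter=cn={user}
#cas.authn.ldap[1].userFilter=uid={user}
cas.authn.ldap[1].ldapUrl=ldaps://ad.example.org
cas.authn.ldap[2].userFilter:           sAMAccountName={user}
"""


def migrate(text):
    """Rename the legacy key and report problems.

    Returns (new_text, findings); each finding is (line_number, index, kind):
      renamed      - legacy userFilter rewritten to searchFilter
      duplicate    - the same handler index sets the filter more than once
      blank-filter - handler index is configured but has no non-blank filter
                     (line_number is None because no single line is at fault)
    """
    out, findings, seen = [], [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _KEY.match(line)
        if not m:  # blank line, comment, or a key outside cas.authn.ldap[]
            out.append(line)
            continue
        indent, idx, name, sep, value = m.groups()
        idx = int(idx)
        props = seen.setdefault(idx, {})
        if name == LEGACY:
            findings.append((lineno, idx, "renamed"))
            name = CURRENT
            # Keep the author's separator and value exactly as written.
            line = f"{indent}cas.authn.ldap[{idx}].{CURRENT}{sep}{value}"
        if name == CURRENT and CURRENT in props:
            findings.append((lineno, idx, "duplicate"))
        props[name] = value.strip()
        out.append(line)
    for idx in sorted(seen):
        if not seen[idx].get(CURRENT):
            findings.append((None, idx, "blank-filter"))
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    new_text, findings = migrate(SAMPLE)
    for lineno, idx, kind in findings:
        where = f"line {lineno}" if lineno else "whole file"
        print(f"ldap[{idx}] {kind} ({where})")
    print(new_text, end="")
```

A commented-out userFilter line is left untouched, so a handler whose only filter was commented out is reported as blank-filter rather than silently passing.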

Sudhan Samyraj

Nov 27, 2018, 7:06:40 AM
to cas-...@apereo.org
Yes matrix, I have done the same earlier; by using userPrincipalName I am able to log in.

The issue is only that if we tick "user logon password must change next login" in AD, I am not able to log in to CAS.

One more point: if I untick "user logon password must change next login" in AD, I am able to log in with the current password.

David Curry

Nov 27, 2018, 7:48:54 AM
to cas-...@apereo.org
This is a completely different problem than the one you were talking about a few messages ago. You really should start a new thread for a new problem, to help other people searching the forum for answers.

As for this problem, have you enabled the password management features of the CAS server? Those would need to be enabled for it to detect the "change password at next login" state and do something intelligent with it. (We don't use those features, so I don't know for sure that they handle that particular condition, but I assume they do.)

