CAS/LDAP user


zak elmi

May 17, 2022, 11:29:20 AM
to CAS Community
Hi everyone.

I have a problem that I haven't been able to solve for a long time.


[org.apereo.cas.configuration.CasConfigurationPropertiesValidator] - <Validated CAS property sources and configuration successfully.>

     _    ____  _____ ____  _____ ___     ____    _    ____
    / \  |  _ \| ____|  _ \| ____/ _ \   / ___|  / \  / ___|
   / _ \ | |_) |  _| | |_) |  _|| | | | | |     / _ \ \___ \
  / ___ \|  __/| |___|  _ <| |__| |_| | | |___ / ___ \ ___) |
 /_/   \_\_|   |_____|_| \_\_____\___/   \____/_/   \_\____/


CAS Version: 6.6.0-RC2
CAS Branch: master
CAS Commit Id: 7946bc20e93ed407274ca391864c8e67165b4c8c
CAS Build Date/Time: 2022-05-10T11:39:56Z
Spring Boot Version: 2.6.6
Spring Version: 5.3.19
Java Home: /usr/lib/jvm/jdk-11
Java Vendor: Oracle Corporation
Java Version: 11.0.15
JVM Free Memory: 298 MB
JVM Maximum Memory: 910 MB
JVM Total Memory: 603 MB
OS Architecture: amd64
OS Name: Linux
OS Version: 4.9.0-18-amd64
OS Date/Time: 2022-05-17T16:45:45.852237
OS Temp Directory: /opt/tomcat/latest/temp
------------------------------------------------------------
Apache Tomcat Version: Apache Tomcat/9.0.30
-----------------------------------------------
  ____  _____    _    ______   __
 |  _ \| ____|  / \  |  _ \ \ / /
 | |_) |  _|   / _ \ | | | \ V /
 |  _ <| |___ / ___ \| |_| || |
 |_| \_\_____/_/   \_\____/ |_|

>
2022-05-17 16:55:04,681 WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <1 errors, 0 successes>
2022-05-17 16:55:13,354 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: {result=Service Access Granted, service=https://example.com/index.php, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 17 16:55:13 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================

>
2022-05-17 16:55:13,367 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for userxxxx].>
2022-05-17 16:55:13,368 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO:  userxxxx
WHAT: [UsernamePasswordCredential(username= userxxxx  , source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue May 17 16:55:13 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================

>
2022-05-17 16:55:13,368 WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <1 errors, 0 successes>



Also find my cas.properties:
cas.server.name=https://192.168.143.203:8443
cas.server.prefix=${cas.server.name}/cas

logging.config=file:/etc/cas/config/log4j2.xml

cas.authn.accept.enabled=false

### Disable local accounts

cas.authn.accept.users=
### LDAP connection
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].useSsl=false

### Credential to connect to LDAP
cas.authn.ldap[0].ldapUrl=ldap://192.168.143.200:389
cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
cas.authn.ldap[0].bindCredential=xxxxxxxx


cas.authn.ldap[0].baseDn=ou=people,dc=example,dc=com
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=supannAliasLogin={%s}
# possibly optional
cas.authn.ldap[0].principalAttributeId=supannAliasLogin

cas.serviceRegistry.json.location: file:/etc/cas/services



Please, can someone help me?
--------------------

zak elmi

May 17, 2022, 12:18:52 PM
to cas-...@apereo.org


---------- Forwarded message ---------
From: zak elmi <Unknown>
Date: Tuesday, May 17, 2022 at 18:29:20 UTC+3
Subject: CAS/LDAP user
To: CAS Community <Unknown>

Ray Bon

May 17, 2022, 12:23:29 PM
to cas-...@apereo.org
zak,

These are the settings I have for ldap


cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://...
cas.authn.ldap[0].connectTimeout=PT3S
cas.authn.ldap[0].baseDn=ou=people,...
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].bindDn=cn=Auth Manager,...
cas.authn.ldap[0].bindCredential=...
cas.authn.ldap[0].principalAttributeList=...
 
You can use the command line utility, ldapsearch, to be sure your ldap settings are correct.
Also check ldap logs.

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day.

Zaki Elmi Guelleh

May 18, 2022, 3:17:47 AM
to cas-...@apereo.org
Hi Ray,

When I use the command-line utility ldapsearch from the CAS server, I get this error: result: 32 No such object
root@cas:/etc/cas/config# ldapsearch -h 192.168.143.200 -x -W -D "cn=testuser,ou=people,dc=example,dc=com"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

On Wed, May 18, 2022 at 08:31, Zaki Elmi Guelleh <zakig...@gmail.com> wrote:
Hi Ray,
LDAP settings are correct.
root@LDAPserv:~# ldapsearch -h 192.168.143.200 -x -W -D "cn=admin,dc=example,dc=com"
# testuser, people, example.com
dn: cn=testuser,ou=people,dc=example,dc=com
cn: testuser
gidNumber: 9802
givenName: testuser
homeDirectory: /home/users/testuser
mail: 
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: supannPerson
sn: testuser
supannEmpId: 1001
supannEmpProfil:: QWRtaW5pc3RyYXRldXIgZHUgU3lzdMOobWUgJiBSw6lzZWF1
supannEntiteAffectation: 
uid: testuser
uidNumber: 10012
userPassword:: e01ENX16QVBuUjZhdnU4djR2blpvclA2KzVRPT0=


CAS logs:

=============================================================
WHO: audit:unknown
WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, event=success, timestamp=Wed May 18 07:23:54 CEST 2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed May 18 07:23:54 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================

>
2022-05-18 07:24:07,465 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for testuser].>
2022-05-18 07:24:07,465 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: testuser
WHAT: [UsernamePasswordCredential(username=testuser, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed May 18 07:24:07 CEST 2022

CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=============================================================


Thanks



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/j-xKydm0vI8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/375c36d83561da185d101fe03b2b5f55873d327d.camel%40uvic.ca.


King, Robert

May 18, 2022, 8:17:06 AM
to cas-...@apereo.org

It looks like the attribute in your cas.authn.ldap[0].searchFilter is not in the response from your LDAP query.

 

cas.authn.ldap[0].searchFilter=supannAliasLogin={%s}

 

Also, according to the CAS documentation, you should use “{user}” and not “{%s}”.

 

Try the following and see if it resolves your connection issues:

 

cas.authn.ldap[0].searchFilter=uid={user}
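
Added example (not part of any poster's message and not CAS project code): a Python sketch that reads the cas.authn.ldap[0] settings posted in this thread, flags a searchFilter with no {user} placeholder and an ldap:// URL without StartTLS, and builds the ldapsearch call that repeats the configured search with its bind DN, base DN and filter. The function names are hypothetical, the sample properties are copied from the thread with the bind password left out, and useStartTls is assumed to be unset.

```python
import re

# Settings as posted in the thread (bindCredential left out).
SAMPLE = """\
cas.authn.ldap[0].ldapUrl=ldap://192.168.143.200:389
cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
cas.authn.ldap[0].baseDn=ou=people,dc=example,dc=com
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=supannAliasLogin={%s}
"""

def parse_ldap_props(text, index=0):
    """Return {name: value} for the cas.authn.ldap[index].* lines."""
    prefix = f"cas.authn.ldap[{index}]."
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(prefix) and "=" in line:
            name, value = line[len(prefix):].split("=", 1)
            props[name.strip()] = value.strip()
    return props

def escape_filter_value(value):
    """Escape filter metacharacters as backslash-hex pairs (RFC 4515)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def check(props):
    """Problems that break the user-DN search or expose the bind."""
    problems = []
    if "{user}" not in props.get("searchFilter", ""):
        problems.append("searchFilter has no {user} placeholder")
    url = props.get("ldapUrl", "")
    if url.startswith("ldap://") and props.get("useStartTls") != "true":
        problems.append("ldap:// without StartTLS: binds are sent unencrypted")
    return problems

def ldapsearch_argv(props, username):
    """ldapsearch arguments that repeat the configured user-DN search."""
    flt = props["searchFilter"].replace("{user}", escape_filter_value(username))
    scope = "sub" if props.get("subtreeSearch") == "true" else "one"
    # "1.1" asks for no attributes, so only the matching DN is printed.
    return ["ldapsearch", "-x", "-W", "-H", props["ldapUrl"],
            "-D", props["bindDn"], "-b", props["baseDn"],
            "-s", scope, f"({flt})", "1.1"]

if __name__ == "__main__":
    props = parse_ldap_props(SAMPLE)
    print(check(props))
    props["searchFilter"] = "supannAliasLogin={user}"  # the fix from the thread
    print(" ".join(ldapsearch_argv(props, "testuser")))
```

An empty result from the generated command means the configured filter matches no entry under the base DN, which is the condition CAS reports as "Unable to resolve user dn".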

 


Ray Bon

May 18, 2022, 12:13:54 PM
to cas-...@apereo.org
Zaki,

This is an ldap config issue. 
Either the testuser needs to be added to the people ou; or change the testuser dn to match what exists in ldap.

Ray

Zaki Elmi Guelleh

May 19, 2022, 4:10:00 AM
to cas-...@apereo.org
Hi everyone,
I solved the problem and it was in the cas.properties 
cas.authn.ldap[0].searchFilter=supannAliasLogin={user}

Thanks.

Now I want to change the user interface and I can't find the location of the css and logo.

Thanks everyone.




Zaki Elmi Guelleh

May 20, 2022, 1:42:02 PM
to cas-...@apereo.org
Hi Ray,

Thanks for your reply; the problem was solved, thanks.

Do you have any idea of the location of the CSS and images folders to change the user interface?
I can't find any css folder, cas.css, or images folder.


Thanks, 



Ray Bon

May 20, 2022, 3:23:32 PM
to cas-...@apereo.org