Hello Toby,
I think you should try like this :
cas.authn.ldap[0].userFilter=uid={user}
Refer to the CAS properties page.
Le 6 juillet 2017 17:32:01 GMT+02:00, Toby Archer <sandsl...@gmail.com> a écrit
:
>I'm upgrading from CAS 3.5 to CAS 5.1. The configurations are similar,
>but
>not quite the same. My configuration on CAS 3.5 is:
>
># == LDAP Authentication settings ==
>> ldap.authentication.filter=uid=%u
>> ldap.authentication.server.urls=ldap://dev-ldap7-1.usd.edu
>> ldap.authentication.basedn=o=usd.edu
>> ldap.authentication.manager.userdn=cn=Directory Manager
>> ldap.authentication.manager.password=lols a password in plain text
>> ldap.authentication.ignorePartialResultException=true
>> ldap.authentication.scope=2
>>
>> ldap.authentication.services.manager.userdn=cn=WebTeam Members,
>o=usd.edu
>>
>> ldap.authentication.jndi.connect.timeout=10000
>> ldap.authentication.jndi.read.timeout=10000
>> ldap.authentication.jndi.security.level=simple
>>
>
>And here's my configuration so far in 5.1:
>
>cas.authn.accept.users=
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldap://dev-ldap7-1
>> cas.authn.ldap[0].baseDn=o=usd.edu
>> cas.authn.ldap[0].userFilter=uid=%u
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].bindDn=cn=Directory Manager
>> cas.authn.ldap[0].bindCredential=shhh, dont tell anyone
>>
>> cas.authn.ldap[0].dnFormat=uid=%s,ou=people
>> cas.authn.ldap[0].principalAttributeId=uid
>> cas.authn.ldap[0].principalAttributePassword=password
>> cas.authn.ldap[0].principalAttributeList=sn,givenName
>>
>> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
>> cas.authn.ldap[0].keyStorePassword=changeit
>> cas.authn.ldap[0].name=dev-ldap7-1
>>
>> cas.authn.ldap[0].poolPassivator=CLOSE
>
>
>It binds to the server fine. I added the logger that turns up debugging
>on
>this particular component. I tried logging in and saw this in the logs:
>
><search for
>> user=[org.ldaptive.auth.User@1196469953::identifier=toben.archer,
>> context=null] failed using
>> filter=[org.ldaptive.SearchFilter@-635903203::filter=uid=%u,
>> parameters={context=null, user=toben.archer}]>
>> 2017-07-06 10:28:41,778 DEBUG
>[org.ldaptive.auth.PooledSearchDnResolver] -
>> <resolved dn=null for
>> user=[org.ldaptive.auth.User@1196469953::identifier=toben.archer,
>> context=null]>
>> 2017-07-06 10:28:41,778 DEBUG [org.ldaptive.auth.Authenticator] -
>> <authenticate dn=null with
>>
>request=[org.ldaptive.auth.AuthenticationRequest@314951352::user=[org.ldaptive.auth.User@1196469953::identifier=toben.archer,
>
>> context=null], returnAttributes=[uid, givenName, sn]]>
>> 2017-07-06 10:28:41,778 WARN
>> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <DN
>resolution
>> failed. [DN cannot be null]>
>> 2017-07-06 10:28:41,779 INFO
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> <[dev-ldap7-1] failed authenticating [toben.archer]>
>> 2017-07-06 10:28:41,779 WARN
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> <Authentication has failed. Credentials may be incorrect or CAS
>cannot find
>> authentication handler that supports [toben.archer] of type
>> [UsernamePasswordCredential], which suggests a configuration
>problem.>
>>
>
>The problem appears to be the "DN resolution failed. [DN cannot be
>null]"
>which seems strange because I set baseDn, bindDn, and dnFormat. Have I
>missed something? Why is it still not working?
>
>--
>- CAS gitter chatroom: https://gitter.im/apereo/cas
>- CAS mailing list guidelines:
>https://apereo.github.io/cas/Mailing-Lists.html
>- CAS documentation website: https://apereo.github.io/cas
>- CAS project website: https://github.com/apereo/cas
>---
>You received this message because you are subscribed to the Google
>Groups "CAS Community" group.
>To unsubscribe from this group and stop receiving emails from it, send
>an email to cas-user+unsubscr...@apereo.org.
>To view this discussion on the web visit
>https://groups.google.com/a/apereo.org/d/msgid/cas-user/01662caf-30ab-4655-908d-a0ab5b2c7173%40apereo.org.
--
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma
brièveté.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/31CDF2E0-8CFE-4A72-AEC6-4389F66A8D64%40univ-avignon.fr.
