Hello, I received the following error when trying to authenticate to our AD servers. I’m not sure what bit to flip to get the %s...@site.org to work for the dnFormat property, or if there is a new way to format the DN string for AD. Below is the error:

2019-03-05 16:23:22,455 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [[org.ldaptive.auth.AuthenticationResponse@1313847476::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=n...@wichita.edu, ldapEntry=[dn=n...@wichita.edu[]], accountState=null, result=false, resultCode=INVALID_DN_SYNTAX, message=LDAPException(resultCode=34 (invalid DN syntax), errorMessage='Unable to parse string 'n...@wichita.edu' as a DN because it does not have an equal sign after RDN attribute 'n...@wichita.edu'.', ldapSDKVersion=4.0.9, revision=29290), controls=null]]>

Below are the relevant AD configuration properties:

cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].dnFormat=%s...@wichita.edu
cas.authn.ldap[0].derefAliases=ALWAYS
#cas.authn.ldap[0].dnFormat=sAMAccountName=%s,OU=Unix Group,OU=UCATS,OU=Academic Affairs,OU=Wichita State University,DC=ad,DC=wichita,DC=edu
cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].principalAttributePassword=userPassword
#cas.authn.ldap[0].poolPassivator=NONE|CLOSE|BIND
cas.authn.ldap[0].poolPassivator=NONE
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].connectTimeout=PT5S
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=PT5M
cas.authn.ldap[0].validateTimeout=PT5S
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=PT10M
cas.authn.ldap[0].prunePeriod=PT2H
cas.authn.ldap[0].blockWaitTime=PT3S
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].responseTimeout=PT5S
cas.authn.ldap[0].allowMultipleDns=true
cas.authn.ldap[0].allowMultipleEntries=false
cas.authn.ldap[0].followReferrals=true
cas.authn.ldap[0].name=WSUAD
#cas.authn.ldap[0].trustCertificates=
#cas.authn.ldap[0].keystore=
#cas.authn.ldap[0].keystorePassword=
#cas.authn.ldap[0].keystoreType=JKS|JCEKS|PKCS12
#cas.authn.ldap[0].binaryAttributes=objectGUID,someOtherAttribute
cas.authn.ldap[0].principalAttributeList=cn:commonName,sAMAccountName:UDC_IDENTIFIER
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true

Any help would be greatly appreciated.

Thanks,
Erik Mallory
Server Analyst
Wichita State University
316.978.3502
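
The resultCode=34 failure in the log above is raised when the formatted string is parsed as a distinguished name. As an added example (not part of the original post and not CAS or ldaptive code), this Python check substitutes a user name into a dnFormat value and reports whether the result parses as an RFC 4514-style DN, has the user@domain shape of an Active Directory userPrincipalName, or neither. The function names, the user `jdoe` and the `example.org` format are constructed for illustration.

```python
import re

# RFC 4514 attribute type: a short name (descr) or a dotted numeric OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")
# user@domain shape of a userPrincipalName (no DN metacharacters).
UPN = re.compile(r"^[^@\s=,]+@[^@\s=,]+$")


def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def dn_error(candidate):
    """Return None if candidate parses as a DN, else a short reason."""
    if not candidate.strip():
        return "empty DN"
    for rdn in split_unescaped(candidate, ","):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDNs
            attr, eq, _value = ava.partition("=")
            if not eq:
                return f"no equal sign after RDN attribute {ava.strip()!r}"
            if not ATTR_TYPE.match(attr.strip()):
                return f"bad attribute type {attr.strip()!r}"
    return None


def classify(dn_format, user):
    """Substitute user into dn_format and report 'dn', 'upn' or 'invalid'."""
    candidate = dn_format.replace("%s", user)
    if dn_error(candidate) is None:
        return "dn"
    return "upn" if UPN.match(candidate) else "invalid"
```

A format that classifies as `upn` can never pass a code path that requires a parsed DN, which is the condition the error message reports.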