Hello,
I received the following error when trying to authenticate to our AD servers. 
I’m not sure what bit to flip to get the %s...@site.org to work for the 
dnFormat property, or if there is a new way to format the DN string for AD. 
Below is the error:

2019-03-05 16:23:22,455 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response:
[[org.ldaptive.auth.AuthenticationResponse@1313847476::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
resolvedDn=n...@wichita.edu, ldapEntry=[dn=n...@wichita.edu[]], accountState=null, result=false,
resultCode=INVALID_DN_SYNTAX,
message=LDAPException(resultCode=34 (invalid DN syntax), errorMessage='Unable to parse string 'n...@wichita.edu' as a DN because it does not have an equal sign after RDN attribute 'n...@wichita.edu'.', ldapSDKVersion=4.0.9, revision=29290),
controls=null]]>

Below are the relevant AD configuration properties:

cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].dnFormat=%s...@wichita.edu
cas.authn.ldap[0].derefAliases=ALWAYS
#cas.authn.ldap[0].dnFormat=sAMAccountName=%s,OU=Unix Group,OU=UCATS,OU=Academic Affairs,OU=Wichita State University,DC=ad,DC=wichita,DC=edu
cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].principalAttributePassword=userPassword
#cas.authn.ldap[0].poolPassivator=NONE|CLOSE|BIND
cas.authn.ldap[0].poolPassivator=NONE
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].connectTimeout=PT5S
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=PT5M
cas.authn.ldap[0].validateTimeout=PT5S
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=PT10M
cas.authn.ldap[0].prunePeriod=PT2H
cas.authn.ldap[0].blockWaitTime=PT3S
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].responseTimeout=PT5S
cas.authn.ldap[0].allowMultipleDns=true
cas.authn.ldap[0].allowMultipleEntries=false
cas.authn.ldap[0].followReferrals=true
cas.authn.ldap[0].name=WSUAD
#cas.authn.ldap[0].trustCertificates=
#cas.authn.ldap[0].keystore=
#cas.authn.ldap[0].keystorePassword=
#cas.authn.ldap[0].keystoreType=JKS|JCEKS|PKCS12
#cas.authn.ldap[0].binaryAttributes=objectGUID,someOtherAttribute
cas.authn.ldap[0].principalAttributeList=cn:commonName,sAMAccountName:UDC_IDENTIFIER
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true

Any help would be greatly appreciated.
Thanks,
Erik Mallory
Server Analyst
Wichita State University
316.978.3502
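Added example, not code from the post, CAS or ldaptive: a small Python check of what a dnFormat template renders to for a given username. It mirrors the RFC 4514 parse that produced resultCode 34 in the log above (an RDN with no '=' after its attribute type) and reports whether the rendered value is a DN, a user@domain UPN that only an AD simple bind will accept, or neither. It assumes the %s-style substitution CAS documents for dnFormat; the domain ad.example.edu and the usernames are constructed, and whether CAS escapes the substituted username is not verified here, so the example escapes it itself, which also shows how an unescaped username could append RDNs to a templated DN.

```python
"""Render a CAS-style dnFormat and check the result as a DN or a UPN.

Added example, not CAS or ldaptive code. Templates, domain and usernames
below are constructed for the example.
"""
from __future__ import annotations
import re

# RFC 4514 special characters that must be backslash-escaped inside an
# attribute value so they cannot terminate or extend the RDN.
_DN_SPECIAL = set(',+"\\<>;=')


def escape_dn_value(value: str) -> str:
    """Escape a raw username before substituting it into a DN template."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')
        elif ch in _DN_SPECIAL:
            out.append('\\' + ch)
        elif ch == ' ' and i in (0, last):
            out.append('\\ ')
        elif ch == '#' and i == 0:
            out.append('\\#')
        else:
            out.append(ch)
    return ''.join(out)


def _split_unescaped(s: str, sep: str) -> list[str]:
    """Split s on sep, skipping separators that are backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == '\\' and i + 1 < len(s):
            cur.append(s[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if s[i] == sep:
            parts.append(''.join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append(''.join(cur))
    return parts


_ATTR_TYPE = re.compile(r'[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*')


def parse_dn(dn: str) -> list[list[tuple[str, str]]]:
    """Parse a DN into RDNs, each a list of (attributeType, value) pairs.

    Raises ValueError with the same complaint the UnboundID SDK makes
    (resultCode 34) when an RDN has no '=' after its attribute type.
    """
    if dn == '':
        return []
    rdns = []
    for rdn in _split_unescaped(dn, ','):
        pairs = []
        for ava in _split_unescaped(rdn, '+'):
            attr, eq, value = ava.partition('=')
            attr = attr.strip()
            if not eq or not _ATTR_TYPE.fullmatch(attr):
                raise ValueError(
                    f"Unable to parse string '{dn}' as a DN because it does "
                    f"not have an equal sign after RDN attribute '{ava}'")
            pairs.append((attr, value.strip()))
        rdns.append(pairs)
    return rdns


# A user principal name: something@dns-domain, with no DN punctuation.
_UPN = re.compile(r'[^@,=+]+@[A-Za-z0-9.-]+')


def classify_bind_identity(dn_format: str, user: str) -> dict:
    """Render a %s-style dnFormat (the pattern CAS documents) and report
    whether the result is a DN, a UPN, or neither.

    Assumption: the username is escaped here before substitution; whether
    CAS itself escapes the value is not something this example verifies.
    """
    rendered = dn_format.replace('%s', escape_dn_value(user))
    report = {'rendered': rendered, 'kind': 'invalid', 'rdns': None, 'error': None}
    try:
        report['rdns'] = parse_dn(rendered)
        report['kind'] = 'dn'
    except ValueError as exc:
        report['error'] = str(exc)
        if _UPN.fullmatch(rendered):
            report['kind'] = 'upn'   # only an AD simple bind accepts this form
    return report


# Constructed templates: a UPN-style one like the post's active dnFormat
# (the post's own domain is elided) and the DN-style one it commented out.
UPN_FORMAT = '%s@ad.example.edu'
DN_FORMAT = ('sAMAccountName=%s,OU=Unix Group,OU=UCATS,OU=Academic Affairs,'
             'OU=Wichita State University,DC=ad,DC=wichita,DC=edu')

if __name__ == '__main__':
    for fmt in (UPN_FORMAT, DN_FORMAT):
        for user in ('jdoe', 'jdoe,OU=Domain Admins'):
            r = classify_bind_identity(fmt, user)
            print(f"{r['kind']:7} {r['rendered']}")
            if r['error']:
                print('        ', r['error'])
```

Running it shows the UPN template failing the DN parse with the same "does not have an equal sign after RDN attribute" wording as the log, while the commented-out OU-based template parses cleanly; the second username shows that without escaping, a comma in the user value would have become an extra RDN in the bind DN.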

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/243A460A-3E81-415F-ABB1-C51F4C0EC247%40wichita.edu.