Alain,
First figure out why the APR is giving an error.
Remove the dependency for unboundid-ldapsdk. My recent pull of CAS shows a
version of 1.2.4. You should not need to add dependencies outside of those for
CAS features unless you are adding custom code.
What version of tomcat are you using?
Ray
On Fri, 2019-05-10 at 10:56 +0200, alain ubfc wrote:
Hello Ray,
Yes, indeed, I did a copy/paste.
I modified in the build.gradle file:
dependencies {
    compile "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
    // Other CAS dependencies/modules may be listed here...
    compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
    compile "com.unboundid:unboundid-ldapsdk:4.0.9"
    compile "org.apereo.cas:cas-server-support-aup-webflow:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-aup-ldap:${project.'cas.version'}"
}
Then in the file in /etc/cas/config:
cas.server.name=https://cas.test.univ-bfc.fr:8443
cas.server.prefix=${cas.server.name}/cas
logging.config: file:/etc/cas/config/log4j2.xml
# cas.authn.accept.users=
cas.acceptableUsagePolicy.enabled=true
cas.acceptableUsagePolicy.aupAttributeName=aupAccepted
cas.acceptableUsagePolicy.scope=AUTHENTICATION
### CNX LDAP
cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].ldapUrl=ldap://192.168.0.54:389
cas.authn.ldap[0].baseDn=dc=test,dc=univ-bfc,dc=fr
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].principalAttributeList=cn,givenName,mail
# Regles Usages
cas.acceptableUsagePolicy.ldap.ldapUrl=Ldap:// 192.168.0.54:389
cas.acceptableUsagePolicy.ldap.baseDn=dc=test,dc=univ-bfc,dc=fr
cas.acceptableUsagePolicy.ldap.searchFilter=uid={user}
cas.acceptableUsagePolicy.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.acceptableUsagePolicy.ldap.connectTimeout=5000
cas.acceptableUsagePolicy.ldap.minPoolSize=3
cas.acceptableUsagePolicy.ldap.maxPoolSize=10
cas.acceptableUsagePolicy.ldap.validateOnCheckout=true
cas.acceptableUsagePolicy.ldap.validatePeriodically=true
cas.acceptableUsagePolicy.ldap.validatePeriod=600
cas.acceptableUsagePolicy.ldap.idleTime=500
cas.acceptableUsagePolicy.ldap.prunePeriod=600
cas.acceptableUsagePolicy.ldap.blockWaitTime=5000
cas.acceptableUsagePolicy.ldap.useStartTls=false
I have looked at the CAS logs: case-219-05-10-08-1.log in /var/log/
It tells me that:
2019-05-10 08:58:39,076 ERROR
[org.apache.catalina.core.AprLifecycleListener] - <An incompatible version
[1.2.12] of the APR based Apache Tomcat Native library is installed, while
Tomcat requires version [1.2.14]>
2019-05-10 08:58:39,402 ERROR
[org.apache.catalina.core.AprLifecycleListener] - <An incompatible version
[1.2.12] of the APR based Apache Tomcat Native library is installed, while
Tomcat requires version [1.2.14]>
Caused by: com.unboundid.ldap.sdk.LDAPException: An error occurred while
attempting to connect to server 192.168.0.54:389:
IOException(LDAPException(resultCode=91 (connect error),
errorMessage='Trust verification failed for 192.168.0.54' $,
ldapSDKVersion=4.0.10, revision=b2272901fd62ad978017ff1aeb049cafc1999b12))
019-05-10 08:58:46,603 DEBUG
[org.ldaptive.provider.unboundid.UnboundIDConnectionFactory] - <Error
connecting to LDAP URL: ldap:// 192.168.0.54:389>
org.ldaptive.provider.ConnectionException: LDAPException(resultCode=91
(connect error), errorMessage='An error occurred while attempting to
connect to server 192.168.0.54:389:
IOException(LDAPException(resultCode=91 (connect error), err$
at
org.ldaptive.provider.unboundid.UnboundIDConnectionFactory.createInternal(UnboundIDConnectionFactory.java:65)
~[ldaptive-unboundid-1.2.4.jar!/:?]
Caused by: com.unboundid.ldap.sdk.LDAPException: An error occurred while
attempting to connect to server 192.168.0.54:389:
IOException(LDAPException(resultCode=91 (connect error),
errorMessage='Trust verification failed for 192.168.0.54:389 '$
at
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:871)
~[unboundid-ldapsdk-4.0.10.jar!/:4.0.10]
I do not understand, because with Apache Studio I can connect fine.
Alain
On Thu, 9 May 2019 at 19:04, Ray Bon <[email protected]> wrote:
Alain,
After the commented out casuser line, add this to override a possible
default:
cas.authn.accept.users=
Are you typing your config into the email or copy and paste? I ask because
there are unexpected spaces in the keys:
cas.authn.ldap [0] .baseDn = DC = test, DC = univ-bfc, DC = fr
when it should be:
cas.authn.ldap[0].baseDn
and there is a missing '}' on the searchFilter line.
You might want to remove the spaces in the values as well (not sure how
LDAP/AD will treat them).
Increase the logging level:
<Property name="cas.log.level">debug</Property>
<Property name="ldap.log.level">debug</Property>
If you are not able to see more details in the logs and casuser can still
log in, it means that your config is not being read.
CAS will try to copy cas.properties and log4j2.xml to /etc/cas. Make sure
the user deploying cas has write access to this directory.
Test your LDAP/AD settings with an external tool like ldapsearch or apache
directory studio.
Ray
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]