Hi, you're almost right. I checked the running pod ion Kubernetes on friday and for some reason the cas.properties was located at /etc/cas instead of /etc/cas/config.
After I changed that, CAS is no longer forcing static authentication and I can move on to get the LDAP connection working. Thanks! Am Donnerstag, 27. Juni 2019 17:10:03 UTC+2 schrieb rbon: > > Perhaps your config file location is not being set in the deploy and CAS > is picking up default configs (where static auth is enabled). > > Ray > > On Thu, 2019-06-27 at 02:16 -0700, tnbreitkreutz wrote: > > Hi, > > while trying to deploy CAS 6.0.4 to Kubernetes via Hudson/Jenkins, I ran > into some problems. > > CAS keeps showing a hint that static authentication is enabled, even > though it was disabled in cas.properties by setting > *cas.authn.accept.users* to blank like mentioned in > https://apereo.github.io/2018/06/09/cas53-gettingstarted-overlay/ > > Build is (successfully) done via Gradle and LDAP is included as depencendy > compile "org.apereo.cas:cas-server-support-ldap:${casServerVersion}" > > > LDAP settings are correct (according to the admin I'm working with) and > equally to an older CAS version we're currently running. > LDAP log shows nothing. > > CAS is supposed to be running behind a proxy (nginx). > > cas.properties: > > cas.server.name=https://cas.example.org > cas.server.prefix=${cas.server.name}/cas > > logging.config: file:/etc/cas/config/log4j2.xml > logging.level.org.apereo=DEBUG > > cas.authn.accept.users= > # cas.authn.accept.name= > # cas.authn.accept.credentialCriteria= > > # cas.authn.ldap[0].name=domain.lan > cas.authn.ldap[0].type=AD > cas.authn.ldap[0].ldapUrl=ldaps://domain.lan:636 > cas.authn.ldap[0].baseDn=DC=domain,DC=lan > cas.authn.ldap[0].validatePeriod=PT5M > cas.authn.ldap[0].poolPassivator=NONE > cas.authn.ldap[0].userFilter=sAMAccountName={user} > cas.authn.ldap[0].minPoolSize=1 > cas.authn.ldap[0].maxPoolSize=10 > cas.authn.ldap[0].validateOnCheckout=false > cas.authn.ldap[0].validatePeriodically=true > cas.authn.ldap[0].validatePeriod=PT5M > cas.authn.ldap[0].validateTimeout=PT5S > cas.authn.ldap[0].failFast=true > cas.authn.ldap[0].idleTime=PT10M > cas.authn.ldap[0].prunePeriod=PT2H > cas.authn.ldap[0].blockWaitTime=PT3S > cas.authn.ldap[0].useStartTls=false > # cas.authn.ldap[0].useSsl=true > > # server.port=8080 > # server.ssl.enabled=false > # cas.server.http.enabled=false > # cas.server.httpProxy.enabled=true > # cas.server.httpProxy.secure=true > # cas.server.httpProxy.scheme=https > # cas.server.httpProxy.protocol=HTTP/1.1 > > > Is there somethng I could've missed to enable LDAP auth the right way...? > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 | CLE 019 | rb...@uvic.ca <javascript:> > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9a538efe-6cf1-4e14-b76f-eb9f692cb7a7%40apereo.org.
