Hello root,

Thanks for the quick response.

I have used the SHA format for the LDAP password.

I also tried the properties below in the cas.properties file, but the problem is 
still the same: "could not update account password".

# LDAP Password Encoding
cas.authn.ldap[0].passwordEncoder.type=DEFAULT
cas.authn.ldap[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=SHA

I have one doubt: right now I am using a simple LDAP database connection, 
i.e. url=ldap://localhost:389. Is that the reason password management is not 
working?
Is there any compulsion to use an SSL LDAP connection, i.e. 
url=ldaps://localhost:636, so that only then password management works?

Thanks and Regards
Arti

On Wednesday, July 8, 2020 at 5:10:33 PM UTC+5:30, Root wrote:
>
> The log is too much, but I can see the error is related to storing the LDAP 
> password type. What type of algorithm is used to store the password (SSHA, 
> SHA-512, scrypt, MD5, etc.), and what is the character encoding? The default 
> should be UTF-8.
>
> Try to keep the defaults, or just don't specify too many variables 
> relating to this in the CAS properties.
>
> On Wednesday, July 8, 2020 at 10:03:18 AM UTC+5:30 arti wavale wrote:
>
>> Hello,
>>
>> I am providing the cas.log file. Please check it once, and if you get any 
>> idea how to resolve the password management problem, please guide me.
>>
>> On Tuesday, June 23, 2020 at 4:01:08 PM UTC+5:30, Root wrote:
>>>
>>>
>>> OK, but what about the logs? Looking at the logs you can get some hint. 
>>> Have you enabled CAS debug mode (<Root level="DEBUG">) in the cas-log4j2.xml 
>>> file? Your LDAP server also has some option to enable debug/verbose 
>>> mode. After enabling it and restarting the services, tail both logs, 
>>> try to change the LDAP password, and see what error you get in the logs.
>>>
>>>
>>>
>>>
>>> On Tuesday, June 23, 2020 at 2:28:14 PM UTC+5:30, arti wavale wrote:
>>>>
>>>> Hello Root,
>>>>
>>>> First of all,
>>>> Thank you so much for your reply..
>>>>
>>>> I'm using CAS v5.2, in which I have used 
>>>> "cas.authn.pm.ldap.userFilter=cn={user}" in the cas.properties file. The 
>>>> userFilter attribute was renamed to searchFilter in CAS v5.3, but I still 
>>>> tried "cas.authn.pm.ldap.searchFilter=cn={user}" in the cas.properties file 
>>>> and checked it, but the same error occurred.
>>>>
>>>> Thanks and Regards
>>>> Arti
>>>>
>>>> On Tuesday, June 23, 2020 at 11:58:16 AM UTC+5:30, Root wrote:
>>>>>
>>>>>
>>>>> @Arthi,
>>>>>
>>>>> Have you included "cas.authn.pm.ldap.searchFilter=cn={user}" in 
>>>>> cas.properties? You should also enable debug mode on both the CAS and LDAP 
>>>>> server side and check both logs to get more detail.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tuesday, June 23, 2020 at 11:14:12 AM UTC+5:30, arti wavale wrote:
>>>>>>
>>>>>> All the detailed information is provided in a document. Please find the 
>>>>>> attachment.
>>>>>>
>>>>>> I am facing an error such as "could not update the account password".
>>>>>>
>>>>>> If anyone can help to resolve this issue
>>>>>>
>>>>>>
>>>>>> -------------------------------------------------------------------------------------------------
>>>>>>
>>>>>> *Pom.xml:*
>>>>>> <dependency>
>>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>>     <artifactId>cas-server-support-pm-ldap</artifactId>
>>>>>>     <version>${cas.version}</version>
>>>>>> </dependency>
>>>>>>
>>>>>> *cas.properties:*
>>>>>>
>>>>>> cas.authn.accept.users=
>>>>>> cas.authn.ldap[0].order=0
>>>>>> cas.authn.ldap[0].name=LDAP Server
>>>>>> cas.authn.ldap[0].type=AUTHENTICATED
>>>>>> cas.authn.ldap[0].ldapUrl=ldap://localhost
>>>>>> cas.authn.ldap[0].useSsl=false
>>>>>> cas.authn.ldap[0].useStartTls=false
>>>>>> cas.authn.ldap[0].connectTimeout=50000
>>>>>> cas.authn.ldap[0].subtreeSearch=true
>>>>>> cas.authn.ldap[0].validatePeriod=270
>>>>>> cas.authn.ldap[0].userFilter=cn={user}
>>>>>> #cas.authn.ldap[0].userFilter=(|(uid={user})(cn={user})(mail={user}))
>>>>>> cas.authn.ldap[0].baseDn=dc=example,dc=com
>>>>>> #cas.authn.ldap[0].enhanceWithEntryResolver=true
>>>>>> #cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
>>>>>> cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
>>>>>> cas.authn.ldap[0].bindCredential=administrator
>>>>>> cas.authn.ldap[0].enhanceWithEntryResolver=true
>>>>>> cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
>>>>>> cas.authn.ldap[0].principalAttributeList=memberOf,uid,cn,mail
>>>>>> cas.authn.ldap[0].collectDnAttribute=false
>>>>>>
>>>>>> cas.authn.ldap[0].principalAttributeId=cn
>>>>>> cas.authn.ldap[0].principalAttributePassword=userPassword
>>>>>> # attributes to be retrieved from LDAP userPassword
>>>>>> #cas.authn.ldap[0].principalAttributeList=uid,cn,mail
>>>>>> #cas.authn.ldap[0].collectDnAttribute=false
>>>>>> cas.authn.ldap[0].principalDnAttributeName=principalLdapDn
>>>>>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>>>>>> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
>>>>>> # cas.authn.ldap[0].credentialCriteria=
>>>>>> # LDAP Password Encoding
>>>>>> # cas.authn.ldap[0].passwordEncoder.type=
>>>>>> # cas.authn.ldap[0].passwordEncoder.characterEncoding=UTF-8
>>>>>> # cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=SHA
>>>>>> # LDAP Pooling
>>>>>> cas.authn.ldap[0].minPoolSize=3
>>>>>> cas.authn.ldap[0].maxPoolSize=50
>>>>>> cas.authn.ldap[0].validateOnCheckout=true
>>>>>> cas.authn.ldap[0].validatePeriodically=true
>>>>>> cas.authn.ldap[0].validatePeriod=600
>>>>>> cas.authn.ldap[0].failFast=true
>>>>>> cas.authn.ldap[0].idleTime=5000
>>>>>> cas.authn.ldap[0].prunePeriod=5000
>>>>>> cas.authn.ldap[0].blockWaitTime=5000
>>>>>> cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>>>>>> cas.authn.ldap[0].allowMultipleDns=false
>>>>>>
>>>>>> #Password Management
>>>>>> spring.mail.host=mail.technology.com
>>>>>> spring.mail.port=587
>>>>>> spring.mail.username=x...@technology.com
>>>>>> spring.mail.password=xxxxxx
>>>>>> spring.mail.testConnection=true
>>>>>> spring.mail.properties.mail.smtp.auth=true
>>>>>> spring.mail.properties.mail.smtp.starttls.enable=true
>>>>>>
>>>>>> cas.authn.pm.enabled=true
>>>>>> #cas.authn.pm.policyPattern=^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%~()_{}-]).{8,}$
>>>>>> #cas.authn.pm.reset.text=password reset:%s
>>>>>> cas.authn.pm.reset.text=Reset your password with this link: %s
>>>>>> #cas.authn.pm.reset.subject=armor password reset
>>>>>> cas.authn.pm.reset.subject=Password Reset Request
>>>>>> cas.authn.pm.reset.from=${spring.mail.username}
>>>>>> cas.authn.pm.reset.expirationMinutes=10
>>>>>> cas.authn.pm.reset.emailAttribute=mail
>>>>>> cas.authn.pm.reset.securityQuestionsEnabled=false
>>>>>> cas.authn.pm.autoLogin=false
>>>>>> cas.authn.pm.reset.crypto.encryption.key=xxxxxxxxxxxxxxxxxxxxxxxx
>>>>>> cas.authn.pm.reset.crypto.signing.key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>>>>> cas.authn.pm.reset.crypto.enabled=true
>>>>>>
>>>>>> #cas.authn.pm.enabled=true
>>>>>> cas.authn.pm.ldap.type=GENERIC
>>>>>> cas.authn.pm.ldap.ldapUrl=${cas.authn.ldap[0].ldapUrl}
>>>>>> cas.authn.pm.ldap.useSsl=false
>>>>>> cas.authn.pm.ldap.connectTimeout=5000
>>>>>> cas.authn.pm.ldap.baseDn=${cas.authn.ldap[0].baseDn}
>>>>>> cas.authn.pm.ldap.userFilter=${cas.authn.ldap[0].userFilter}
>>>>>> cas.authn.pm.ldap.subtreeSearch=true
>>>>>> cas.authn.pm.ldap.bindDn=cn=admin,dc=example,dc=com
>>>>>> cas.authn.pm.ldap.bindCredential=administrator
>>>>>> cas.authn.pm.ldap.poolPassivator=BIND
>>>>>> cas.authn.pm.ldap.minPoolSize=3
>>>>>> cas.authn.pm.ldap.maxPoolSize=10
>>>>>> cas.authn.pm.ldap.validateOnCheckout=true
>>>>>> cas.authn.pm.ldap.validatePeriodically=true
>>>>>> cas.authn.pm.ldap.validatePeriod=600
>>>>>> cas.authn.pm.ldap.validateTimeout=5000
>>>>>> cas.authn.pm.ldap.failFast=true
>>>>>>
>>>>>> cas.authn.pm.ldap.idleTime=500
>>>>>> cas.authn.pm.ldap.prunePeriod=600
>>>>>> cas.authn.pm.ldap.blockWaitTime=5000
>>>>>> cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>>>>>> #validator
>>>>>> cas.authn.pm.ldap.validator.type=SEARCH
>>>>>> cas.authn.pm.ldap.validator.baseDn=dc=example,dc=com
>>>>>> #cas.authn.pm.ldap.validator.searchFilter=(objectClass=*)
>>>>>> cas.authn.pm.ldap.validator.scope=SUBTREE
>>>>>>
>>>>>> -----------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks and Regards
>>>>>> Arti
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Monday, June 22, 2020 at 12:23:54 PM UTC-7, Vikash Chandra Ansh 
>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Arti,
>>>>>>>
>>>>>>> How are you proceeding with ldap password management. Please involve 
>>>>>>> me as well as I want to incorporate this in my application.
>>>>>>>
>>>>>>> Thanks and Regards
>>>>>>>
>>>>>>> On Sat, Jun 20, 2020 at 9:59 AM arti wavale <artiw...@gmail.com> 
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Can you explain to me how you implemented password management in CAS 5.2, 
>>>>>>>> and can you share your cas.properties file and which dependencies you used 
>>>>>>>> in the pom.xml file?
>>>>>>>>
>>>>>>>> On Tuesday, November 20, 2018 at 10:33:06 PM UTC+5:30, MD. Fazla 
>>>>>>>> Rabby wrote:
>>>>>>>>>
>>>>>>>>> We are already using CAS5.2 and password management working fine. 
>>>>>>>>> But for CAS version 6 we are getting the ldap referral error  
>>>>>>>>> "java.security.cert.CertificateException: Hostname does not match the 
>>>>>>>>> hostname in the server's certificate site:stackoverflow.com"
>>>>>>>>> How to get around with this 
>>>>>>>>>
>>>>>>>>> This is my cas.properties
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> cas.authn.pm.enabled=true
>>>>>>>>> cas.authn.pm.policyPattern=^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%~()_{}-]).{8,}$
>>>>>>>>> cas.authn.pm.reset.text=Reset your password with this link: %s
>>>>>>>>> cas.authn.pm.reset.subject=Password Reset Request
>>>>>>>>> cas.authn.pm.reset.from=myemail.mydomain.com
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> #password reset expiry is set to 1 day equivalent minutes
>>>>>>>>> cas.authn.pm.reset.expirationMinutes=1440
>>>>>>>>> cas.authn.pm.reset.emailAttribute=secondaryEmail
>>>>>>>>> cas.authn.pm.reset.securityQuestionsEnabled=true
>>>>>>>>>
>>>>>>>>> # Automatically log in after successful password change
>>>>>>>>> cas.authn.pm.autoLogin=false
>>>>>>>>>
>>>>>>>>> # Used to sign/encrypt the password-reset link
>>>>>>>>> cas.authn.pm.reset.crypto.encryption.key=asdasdasdasdasdasdasdasdasdasd
>>>>>>>>> cas.authn.pm.reset.crypto.signing.key=asdasdasasdasdasdasdadsadasdasdasdasd
>>>>>>>>> cas.authn.pm.reset.crypto.enabled=true
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> #Email Submissions
>>>>>>>>>
>>>>>>>>> spring.mail.host=smtp.office365.com
>>>>>>>>> spring.mail.port=587
>>>>>>>>> spring.mail.username=mye...@email.com
>>>>>>>>> spring.mail.password=pass
>>>>>>>>> spring.mail.testConnection=true
>>>>>>>>> spring.mail.properties.mail.smtp.auth=true
>>>>>>>>> spring.mail.properties.mail.smtp.starttls.enable=true
>>>>>>>>>
>>>>>>>>> #
>>>>>>>>> ##LDAP Password management
>>>>>>>>> #
>>>>>>>>> cas.authn.pm.ldap.type=AD
>>>>>>>>> #
>>>>>>>>> cas.authn.pm.ldap.ldapUrl=ldaps://myldap:636
>>>>>>>>> cas.authn.pm.ldap.useSsl=true
>>>>>>>>> cas.authn.pm.ldap.useStartTls=false
>>>>>>>>> cas.authn.pm.ldap.connectTimeout=50000
>>>>>>>>> cas.authn.pm.ldap.baseDn=DC=xx,DC=xx,DC=xx,DC=xx
>>>>>>>>> cas.authn.pm.ldap.searchFilter=cn={user}
>>>>>>>>> cas.authn.pm.ldap.subtreeSearch=true
>>>>>>>>> cas.authn.pm.ldap.bindDn=CN=xx,OU=xx,DC=xx,DC=xx,DC=xx,DC=xx
>>>>>>>>> cas.authn.pm.ldap.bindCredential=pass
>>>>>>>>> # cas.authn.pm.ldap.connectionStrategy=
>>>>>>>>> cas.authn.pm.ldap.trustCertificates=file:/etc/cas/myldap.cer
>>>>>>>>> ## cas.authn.pm.ldap.keystore=
>>>>>>>>> ## cas.authn.pm.ldap.keystorePassword=
>>>>>>>>> ## cas.authn.pm.ldap.keystoreType=JKS|JCEKS|PKCS12
>>>>>>>>> cas.authn.pm.ldap.poolPassivator=BIND
>>>>>>>>> cas.authn.pm.ldap.minPoolSize=3
>>>>>>>>> cas.authn.pm.ldap.maxPoolSize=10
>>>>>>>>> cas.authn.pm.ldap.validateOnCheckout=true
>>>>>>>>> cas.authn.pm.ldap.validatePeriodically=true
>>>>>>>>> cas.authn.pm.ldap.validatePeriod=600
>>>>>>>>> cas.authn.pm.ldap.validateTimeout=5000
>>>>>>>>> cas.authn.pm.ldap.failFast=true
>>>>>>>>> cas.authn.pm.ldap.idleTime=500
>>>>>>>>> cas.authn.pm.ldap.prunePeriod=600
>>>>>>>>> cas.authn.pm.ldap.blockWaitTime=5000
>>>>>>>>>
>>>>>>>>> ##cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>>>>>>>>> #
>>>>>>>>> ## Attributes that should be fetched to indicate security questions and answers,
>>>>>>>>> ## assuming security questions are enabled.
>>>>>>>>> cas.authn.pm.ldap.securityQuestionsAttributes.attributeQuestion1=attributeAnswer1
>>>>>>>>> cas.authn.pm.ldap.securityQuestionsAttributes.attributeQuestion2=attributeAnswer2
>>>>>>>>> cas.authn.pm.ldap.securityQuestionsAttributes.attrQuestion3=attributeAnswer2
>>>>>>>>> #
>>>>>>>>> cas.authn.pm.ldap.validator.type=SEARCH
>>>>>>>>> cas.authn.pm.ldap.validator.baseDn=DC=xx,DC=xx,DC=xx,DC=xx
>>>>>>>>> ##cas.authn.pm.ldap.validator.searchFilter=(objectClass=*)
>>>>>>>>> cas.authn.pm.ldap.validator.scope=SUBTREE
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -- 
>>>>>>>> - Website: https://apereo.github.io/cas
>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>>>> --- 
>>>>>>>> You received this message because you are subscribed to the Google 
>>>>>>>> Groups "CAS Community" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>>>> send an email to cas-...@apereo.org.
>>>>>>>> To view this discussion on the web visit 
>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1d2b5ab2-a319-47b7-a802-be92b1008802o%40apereo.org
>>>>>>>>  
>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1d2b5ab2-a319-47b7-a802-be92b1008802o%40apereo.org?utm_medium=email&utm_source=footer>
>>>>>>>> .
>>>>>>>>
>>>>>>>
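
Added example (not part of the original thread and not Apereo CAS code): a small Python check for the question raised in the top message, whether password management is talking to LDAP over ldap:// or an encrypted connection. It reads cas.properties text, expands the `${...}` references the posted file uses, and reports the effective transport and filter key; the function names and the embedded sample are constructed for this illustration.

```python
import re

# Constructed sample: password-management keys as posted in this thread.
SAMPLE = """\
cas.authn.ldap[0].ldapUrl=ldap://localhost
cas.authn.ldap[0].userFilter=cn={user}
cas.authn.pm.ldap.type=GENERIC
cas.authn.pm.ldap.ldapUrl=${cas.authn.ldap[0].ldapUrl}
cas.authn.pm.ldap.useSsl=false
cas.authn.pm.ldap.userFilter=${cas.authn.ldap[0].userFilter}
"""

def load_properties(text):
    """Parse key=value or key:value lines; blank and # / ! comment lines are skipped."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def resolve(props, key, depth=0):
    """Expand ${other.key} references (depth-limited so a cycle cannot loop forever)."""
    value = props.get(key, "")
    if depth >= 8:
        return value
    return re.sub(r"\$\{([^}]+)\}",
                  lambda m: resolve(props, m.group(1), depth + 1), value)

def audit_pm_ldap(text, prefix="cas.authn.pm.ldap."):
    """Report the effective transport and filter key used for password management."""
    props = load_properties(text)
    get = lambda name: resolve(props, prefix + name)
    url = get("ldapUrl")
    encrypted = url.lower().startswith("ldaps://") or get("useStartTls").lower() == "true"
    filter_keys = [k for k in ("userFilter", "searchFilter") if prefix + k in props]
    findings = []
    if not encrypted:
        findings.append("cleartext transport: bind credential and new passwords "
                        "are sent unencrypted to " + url)
        if get("type").upper() == "AD":
            # Active Directory accepts password changes only on an encrypted connection.
            findings.append("type=AD needs LDAPS or StartTLS for password changes")
    if not filter_keys:
        findings.append("no userFilter or searchFilter set under " + prefix)
    return {"url": url, "encrypted": encrypted, "filter_key": filter_keys,
            "filter": get(filter_keys[0]) if filter_keys else "", "findings": findings}

if __name__ == "__main__":
    for key, value in audit_pm_ldap(SAMPLE).items():
        print(key, "=", value)
```

The reported `filter_key` can be compared against the CAS version in use, since the thread notes that `userFilter` was renamed to `searchFilter` in v5.3.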
