Baron, Try removing that repository entry. Maven should default to maven central. If not, you can add it as a repo (get the url, https://repo1.maven.org/maven2/<https://repo1.maven.org/maven2/m>, from this page, https://mvnrepository.com/repos/central).
>From this page, https://mvnrepository.com/artifact/org.ldaptive/ldaptive, you >might find a version that works and runs on java 8. Ray On Thu, 2021-01-28 at 11:19 -1000, Baron Fujimoto wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. [Forking this thread to separate the ldaptive and maven repo issues] Per that spring-io advisory, it says, "The /snapshot, /milestone, and /release repositories will remain available, but please fetch our releases from a central repository". The only reference I see in our pom.xml to spring-io is: <repositories> … <repository> <id>spring-milestones</id> <url>https://repo.spring.io/milestone</url> </repository> </repositories> Would updating or supplementing with something else resolve these errors? Unfortunately, my experience with maven and these build strategies is pretty limited to what I've used to successfully build CAS in the past. I'll happily RTFM if someone could kindly point me to the appropriate FM that would explain this or how to pursue the other suggested strategies. On Thu, Jan 28, 2021 at 2:39 AM Jeffrey Miller <[email protected]<mailto:[email protected]>> wrote: For the Duo dependency, spring updated their use for artifacts in their repo and now libs-release (and probably libs-snapshot) is no longer available publicly https://spring.io/blog/2020/10/29/notice-of-permissions-changes-to-repo-spring-io-fall-and-winter-2020 On Wednesday, January 27, 2021 at 8:52:32 PM UTC-5 richard.frovarp wrote: For the Duo jar, you should put them in your own local repo? Or maybe the cache dir? I know that by default it feels like you have to hunt through a variety of external repos to find that dependency. I run a local Nexus install for us so I only have to hunt down once. For the LDAP problems, I think on the Shib list they say don't use the JNDI LDAP connector, in particular with JDK 11. But even then, I don't think the 1.8 JNDI provider is that great. So, you may be able to move over to the UnboundID provider and have better success? To determine what version is being used, I would recommend looking at what is in your resulting build artifact. I'm building to a war, and therefore the place for me to look to see what is being placed in the war file. So if the file is present in the lib dir where you are running it, it might be using. I don't remember if there is an authoritative way the JRE loads libs or not. I generally assume that if there are two in the classpath, it is going to randomly load out of one of them. It's probably deterministic in some way, but if you have to ask about load order, you're probably in a space you don't want to be in. I know that with overlays I've had trouble getting the version I want to be the only one. I don't think the normal Maven rules for dependency versions fully apply for overlays. You're best off putting excludes in to ensure the version you don't want is excluded. You can also exclude out of the overlay, and I see that I'm doing that. I just don't remember why I'm doing that. I have spring and log4j in those excludes. I'm excluding Duo out of a normal dependency section. I have a different GAV bringing that dependency in. We're using the UnboundID provider. ________________________________ From: [email protected] <[email protected]> on behalf of Baron Fujimoto <[email protected]> Sent: Wednesday, January 27, 2021 19:06 To: CAS Users <[email protected]> Subject: [cas-user] CAS 5.0.x newer ldaptive? I'm working with Oracle to troubleshoot a bug we've encountered with their JDK (1.8u231+) and LDAP errors. According to their analysis, they're claiming that the problem lies with the ldaptive library being used by this old (I know) version of CAS. More specifically that the subsequent JDKs adhere to spec, and the ldaptive library appears to be testing for unspecified behaviour. They are recommending I try a newer version of the ldaptive library which does not appear to have the same code. I added the following to our pom.xml: <dependency> <groupId>org.ldaptive</groupId> <artifactId>ldaptive</artifactId> <version>2.0.1</version> </dependency> When I ran "mvn clean package" I think it looked like it was including the 2.0.1 version of ldaptive in the build. However, it seems like I'm still seeing LDAP problems. When I try to login, it will often result in the errors such as the following being logged: 2021-01-27 12:10:56,974 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for baron> 2021-01-27 12:10:56,986 WARN [org.ldaptive.pool.BlockingConnectionPool] - <connection failed check out validation: org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@4b6106ff> 2021-01-27 12:10:56,989 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler: Unexpected LDAP error (Details: Validation of connection failed)> Eventually the validation succeeds, then so does the authentication. How can I verify which version of ldaptive is being used by CAS? I don't think I saw anything indicating this in the logs. If I search for ldaptive in my overlay work directory I find the following: ===== $ grep -ilr ldaptive . ./target/cas.war ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/classes/log4j2.xml ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/person-directory-impl-1.8.4.jar ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-1.2.0.jar ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-beans-1.2.0.jar ./target/cas/WEB-INF/classes/log4j2.xml ./target/cas/WEB-INF/lib/person-directory-impl-1.8.4.jar ./target/cas/WEB-INF/lib/ldaptive-1.2.0.jar ./target/cas/WEB-INF/lib/ldaptive-beans-1.2.0.jar ./target/cas/WEB-INF/lib/ldaptive-beans-2.0.1.jar ./target/cas/WEB-INF/lib/ldaptive-2.0.1.jar ./pom.xml ./etc/cas/config/log4j2.xml ===== I see an ldaptive-2.0.1.jar and ldaptive-beans-2.0.1.jar, but also ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar. The 1.2.0 versions are always present after the build even if I delete them first, so something must be re-including them. How can I ensure that the new ldaptive is used in place of the old one? Unrelated, but I'm also seeing the following errors in the build now that weren't present when I originally built this long ago: Downloading: https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/-SNAPSHOT/maven-metadata.xml [WARNING] Could not transfer metadata com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized. [WARNING] Failure to transfer com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from https://repo.spring.io/libs-snapshot was cached in the local repository, resolution will not be reattempted until the update interval of spring-libs-snapshots has elapsed or updates are forced. Original error: Could not transfer metadata com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized. Downloading: https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client/-SNAPSHOT/maven-metadata.xml [WARNING] Could not transfer metadata com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized. [WARNING] Failure to transfer com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml from https://repo.spring.io/libs-snapshot was cached in the local repository, resolution will not be reattempted until the update interval of spring-libs-snapshots has elapsed or updates are forced. Original error: Could not transfer metadata com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized. Downloading: https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-example-admin/-SNAPSHOT/maven-metadata.xml [WARNING] Could not transfer metadata com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized. [WARNING] Failure to transfer com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml from https://repo.spring.io/libs-snapshot was cached in the local repository, resolution will not be reattempted until the update interval of spring-libs-snapshots has elapsed or updates are forced. Original error: Could not transfer metadata com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized. Downloading: https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client-all/-SNAPSHOT/maven-metadata.xml [WARNING] Could not transfer metadata com.github.duosecurity.duo_client_java:duo-client-all:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized. It seems prudent to resolve these build errors as well. -- Baron Fujimoto <[email protected]> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL20VkUPAgFORD_Jb-nNaoNK_EiZb3uc_BfN8KF8gSyThg%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL20VkUPAgFORD_Jb-nNaoNK_EiZb3uc_BfN8KF8gSyThg%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5a361cc6-a099-4a45-86c6-d479db055159n%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/5a361cc6-a099-4a45-86c6-d479db055159n%40apereo.org?utm_medium=email&utm_source=footer>. -- Baron Fujimoto <[email protected]<mailto:[email protected]>> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/dd0757af488e5c338c096816d06e99daec0496f4.camel%40uvic.ca.
