Since the approach of trying to use an updated ldaptive library was rapidly getting complicated, I tried the suggested UnboundIDProvider[*] with the following in my cas.properties:
cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider

But CAS throws this exception on startup:

ERROR [org.apereo.cas.configuration.support.Beans] - <org.ldaptive.provider.unboundid.UnboundIDProvider>
java.lang.ClassNotFoundException: org.ldaptive.provider.unboundid.UnboundIDProvider

So perhaps I'm missing some other prerequisite? I don't see other mention or discussion of it in the docs though.

[*] I can't seem to find a 5.0.x version of /Configuration-Properties-Common.html#ldap-connection-settings but this property is also listed in the 5.0.x properties <https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html>

On Thu, Jan 28, 2021 at 11:18 AM 'Richard Frovarp' via CAS Community <[email protected]> wrote:

> You have to do overlay exclusions. Which for me looks like. Obviously
> close the XML out as appropriate. I have further build plugins.
>
> <build>
>   <plugins>
>     <plugin>
>       <artifactId>maven-war-plugin</artifactId>
>       <version>2.6</version>
>       <configuration>
>         <failOnMissingWebXml>false</failOnMissingWebXml>
>         <recompressZippedFiles>false</recompressZippedFiles>
>         <archive>
>           <compress>false</compress>
>           <manifestFile>
>             ${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp/META-INF/MANIFEST.MF
>           </manifestFile>
>         </archive>
>         <overlays>
>           <overlay>
>             <groupId>org.apereo.cas</groupId>
>             <artifactId>cas-server-webapp</artifactId>
>             <excludes>
>               <!-- <exclude>WEB-INF/cas.properties</exclude> -->
>               <exclude>WEB-INF/classes/application*.properties</exclude>
>               <exclude>WEB-INF/lib/spring*.jar</exclude>
>               <exclude>WEB-INF/lib/log4j*.jar</exclude>
>             </excludes>
>           </overlay>
>         </overlays>
>         <warName>cas</warName>
>       </configuration>
>     </plugin>
>
> But that isn't going to help you to put ldaptive in there. If you look at
> the pom for ldaptive 2.0, they are calling for Java 11. Guessing they are
> using something that is JDK 11 specific. Maybe you can rebuild with 8 and
> it will work, I don't know.
>
> I would go with the easier solution of giving the UnboundID provider a
> try.
> https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties-Common.html#ldap-connection-settings
> Bypass the JDK code altogether.
>
> On Thu, 2021-01-28 at 10:56 -1000, Baron Fujimoto wrote:
>
> Hmm, the older ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar don't
> appear in the packages dependency tree, I'm not sure how I would
> exclude them from the build. If I manually delete them from the resulting
> cas.war file, then when I start CAS, I encounter the following
> error/exception:
>
> ERROR [org.springframework.boot.SpringApplication] - <Application startup failed>
> java.lang.UnsupportedClassVersionError: org/ldaptive/ConnectionFactory has
> been compiled by a more recent version of the Java Runtime (class file
> version 55.0), this version of the Java Runtime only recognizes class file
> versions up to 52.0 (unable to load class [org.ldaptive.ConnectionFactory])
>
> If my google-fu is right, this suggests that the newer ldaptive jar files
> included via the overlay pom.xml were compiled with Java 11 rather than the
> Java 8 we are using. If I wanted to continue down this path, I suppose that
> means I would need to compile the newer ldaptive jars myself from source
> using our installed Java 8? And if successful, then manually place them in
> the resulting cas.war file? Or is there an easier way?
>
> On Thu, Jan 28, 2021 at 7:46 AM Ray Bon <[email protected]> wrote:
>
> Baron,
>
> Check what packages are included in the build with:
> mvn dependency:tree
>
> You can <exclude> transitive dependencies for the old library.
> But, the overlay, itself, may include an old version of the library, which
> means that you would have to manually remove the old one from the war.
> Maybe the exclude can be applied to the overlay too???
>
> Ray
>
> On Wed, 2021-01-27 at 15:06 -1000, Baron Fujimoto wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> I'm working with Oracle to troubleshoot a bug we've encountered with their
> JDK (1.8u231+) and LDAP errors. According to their analysis, they're
> claiming that the problem lies with the ldaptive library being used by this
> old (I know) version of CAS. More specifically that the subsequent JDKs
> adhere to spec, and the ldaptive library appears to be testing for
> unspecified behaviour. They are recommending I try a newer version of the
> ldaptive library which does not appear to have the same code.
>
> I added the following to our pom.xml:
>
> <dependency>
>   <groupId>org.ldaptive</groupId>
>   <artifactId>ldaptive</artifactId>
>   <version>2.0.1</version>
> </dependency>
>
> When I ran "mvn clean package" I think it looked like it was including the
> 2.0.1 version of ldaptive in the build. However, it seems like I'm still
> seeing LDAP problems. When I try to login, it will often result in the
> errors such as the following being logged:
>
> 2021-01-27 12:10:56,974 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for baron>
> 2021-01-27 12:10:56,986 WARN [org.ldaptive.pool.BlockingConnectionPool] - <connection failed check out validation: org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@4b6106ff>
> 2021-01-27 12:10:56,989 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler: Unexpected LDAP error (Details: Validation of connection failed)>
>
> Eventually the validation succeeds, then so does the authentication.
>
> How can I verify which version of ldaptive is being used by CAS? I don't
> think I saw anything indicating this in the logs.
> If I search for ldaptive in my overlay work directory I find the following:
>
> =====
> $ grep -ilr ldaptive .
> ./target/cas.war
> ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/classes/log4j2.xml
> ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/person-directory-impl-1.8.4.jar
> ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-1.2.0.jar
> ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-beans-1.2.0.jar
> ./target/cas/WEB-INF/classes/log4j2.xml
> ./target/cas/WEB-INF/lib/person-directory-impl-1.8.4.jar
> ./target/cas/WEB-INF/lib/ldaptive-1.2.0.jar
> ./target/cas/WEB-INF/lib/ldaptive-beans-1.2.0.jar
> ./target/cas/WEB-INF/lib/ldaptive-beans-2.0.1.jar
> ./target/cas/WEB-INF/lib/ldaptive-2.0.1.jar
> ./pom.xml
> ./etc/cas/config/log4j2.xml
> =====
>
> I see an ldaptive-2.0.1.jar and ldaptive-beans-2.0.1.jar, but
> also ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar. The 1.2.0 versions
> are always present after the build even if I delete them first, so
> something must be re-including them. How can I ensure that the new ldaptive
> is used in place of the old one?
>
> Unrelated, but I'm also seeing the following errors in the build now that
> weren't present when I originally built this long ago:
>
> Downloading: https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/-SNAPSHOT/maven-metadata.xml
> [WARNING] Could not transfer metadata com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized.
> [WARNING] Failure to transfer com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from https://repo.spring.io/libs-snapshot was cached in the local repository, resolution will not be reattempted until the update interval of spring-libs-snapshots has elapsed or updates are forced.
> Original error: Could not transfer metadata com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized.
> Downloading: https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client/-SNAPSHOT/maven-metadata.xml
> [WARNING] Could not transfer metadata com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized.
> [WARNING] Failure to transfer com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml from https://repo.spring.io/libs-snapshot was cached in the local repository, resolution will not be reattempted until the update interval of spring-libs-snapshots has elapsed or updates are forced.
> Original error: Could not transfer metadata com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized.
> Downloading: https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-example-admin/-SNAPSHOT/maven-metadata.xml
> [WARNING] Could not transfer metadata com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized.
> [WARNING] Failure to transfer com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml from https://repo.spring.io/libs-snapshot was cached in the local repository, resolution will not be reattempted until the update interval of spring-libs-snapshots has elapsed or updates are forced.
> Original error: Could not transfer metadata com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized.
> Downloading: https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client-all/-SNAPSHOT/maven-metadata.xml
> [WARNING] Could not transfer metadata com.github.duosecurity.duo_client_java:duo-client-all:-SNAPSHOT/maven-metadata.xml from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , ReasonPhrase:Unauthorized.
>
> It seems prudent to resolve these build errors as well.
> --
> Baron Fujimoto <[email protected]> :: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/8bce280697887a84a31350dec8e78364b7ea07a5.camel%40uvic.ca
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8bce280697887a84a31350dec8e78364b7ea07a5.camel%40uvic.ca?utm_medium=email&utm_source=footer>.

--
Baron Fujimoto <[email protected]> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
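
The checks this thread keeps coming back to (which ldaptive versions ended up in WEB-INF/lib, whether a jar was compiled for a newer Java than the runtime, and which jar, if any, contains a given class), as an added example that is not part of the original thread. The function names, the in-memory sample WAR and its 8-byte placeholder class entries are constructed for illustration.

```python
import io
import re
import struct
import zipfile
from collections import defaultdict

# WEB-INF/lib/<artifact>-<version>.jar, e.g. ldaptive-beans-1.2.0.jar
JAR_RE = re.compile(r"WEB-INF/lib/(?P<artifact>.+?)-(?P<version>\d[\w.]*)\.jar$")

def class_major(header):
    """Class-file major version (52 = Java 8, 55 = Java 11), or None if not a class."""
    if len(header) < 8 or header[:4] != b"\xca\xfe\xba\xbe":
        return None
    return struct.unpack(">H", header[6:8])[0]

def audit_war(war_bytes, runtime_major=52, wanted_class=None):
    """Return (duplicate artifacts, jars too new for the runtime, jars holding wanted_class)."""
    versions, too_new, providers = defaultdict(set), {}, []
    wanted = wanted_class.replace(".", "/") + ".class" if wanted_class else None
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            m = JAR_RE.match(name)
            if not m:
                continue
            versions[m["artifact"]].add(m["version"])
            with zipfile.ZipFile(io.BytesIO(war.read(name))) as jar:
                entries = jar.namelist()
                if wanted in entries:
                    providers.append(name)
                majors = [class_major(jar.read(e)[:8]) or 0
                          for e in entries if e.endswith(".class")]
                if max(majors, default=0) > runtime_major:
                    too_new[name] = max(majors)
    dupes = {a: sorted(v) for a, v in versions.items() if len(v) > 1}
    return dupes, too_new, providers

def _zip(entries):
    """Constructed archive built in memory from {path: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in entries.items():
            z.writestr(path, data)
    return buf.getvalue()

def build_sample_war():
    """Constructed WAR mirroring the jar mix described in the thread."""
    hdr = lambda major: b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, major)
    libs = {"ldaptive-1.2.0": 52, "ldaptive-2.0.1": 55, "person-directory-impl-1.8.4": 52}
    return _zip({f"WEB-INF/lib/{lib}.jar": _zip({"org/ldaptive/ConnectionFactory.class": hdr(v)})
                 for lib, v in libs.items()})
```

Against a real build, pass the bytes of `target/cas.war` to `audit_war`; an empty provider list for `org.ldaptive.provider.unboundid.UnboundIDProvider` means no jar in the WAR ships that class.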
