It looks like you have a mix of different formats for property names. Can you share your current properties?
You have some older names mixed with some current names. For example, after reviewing your original message, the ‘base DN’ property should be ‘cas.authn.ldap[0].base-dn’ and not ‘cas.authn.ldap[0].baseDn’. Also, the ‘sub-tree search’ should be ‘cas.authn.ldap[0].subtree-search’ and not ‘cas.authn.ldap[0].subtreeSearch’. # Active Directory cas.authn.ldap[0].type=AD cas.authn.ldap[0].ldapUrl=ldap://localhost:389 cas.authn.ldap[0].useStartTls=false cas.authn.ldap[0].baseDn=DC=AAA,DC=BBB cas.authn.ldap[0].search-filter=(sAMAccountName={user}) cas.authn.ldap[0].subtreeSearch=true cas.authn.ldap[0].dn-format=cn=%s,DC=AAA,DC=BBB For reference: https://apereo.github.io/cas/6.6.x/authentication/LDAP-Authentication.html Thanks, Tom From: cas-user@apereo.org <cas-user@apereo.org> On Behalf Of Jason Everling Sent: Wednesday, June 21, 2023 10:59 AM To: CAS Community <cas-user@apereo.org> Cc: Ray Bon <r...@uvic.ca>; dfisher <dfis...@vt.edu> Subject: [EXT] Re: [cas-user] CAS 6.6.8 - Authenticate using AD CAUTION: This email originated from outside of SIG. Exercise caution when opening attachments or clicking links, especially from unknown senders. [EXT-STAMP-ADDED] Try authenticated type instead, cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].bindDn=YOUR_BIND_DN, Can be upn format as well instead of full dn cas.authn.ldap[0].bindCredential=YOUR_BIND_PASSWORD On Wednesday, June 21, 2023 at 9:42:15 AM UTC-5 Ray Bon wrote: Jérémie, 'Unknown user name or bad password.' Suggests that this is an issue on AD side. See https://fawnoos.com/2022/11/24/cas70x-azure-active-directory/ or this older one https://fawnoos.com/2017/11/22/cas-saml-integration-adfs/ Ray On Mon, 2023-06-19 at 00:41 -0700, Jérémie wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. All logs were already set to DEBUG. I don't think firewall rules are causing the issue here as I'm reaching the AD. Tomcat stdout logs : 2023-06-19 07:32:52,281 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [].> 2023-06-19 07:32:52,281 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[Static Credentials] exception details: [cas not found in backing map.].> 2023-06-19 07:32:52,281 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: cas WHAT: [UsernamePasswordCredential(username=cas, source=null, customFields={})] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Mon Jun 19 07:32:52 UTC 2023 cas is my user to recall. AD Logs (not sure if I can get more detailed, not an AD expert) : [https://groups.google.com/a/apereo.org/group/cas-user/attach/532a7e604b348/F8LpQIKbQg.png?part=0.1&view=1] Account For Which Logon Failed: Security ID: NULL SID Account Name: cas Account Domain: AAA Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xC000006D Sub Status: 0xC000006A Process Information: Caller Process ID: 0x34c Caller Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: XXX Source Network Address: 127.0.0.1 Source Port: 51309 Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 Le samedi 17 juin 2023 à 06:38:24 UTC+2, dfisher a écrit : On Fri, Jun 16, 2023 at 5:56 AM Jérémie <crazybr...@gmail.com<mailto:crazybr...@gmail.com>> wrote: Thank for the logger, I've added it at the end of log4j2 file and set level todebug You'll probably get a more complete picture if you set all of `org.ldaptive` to DEBUG. Here is my error log now (debug logs doesn't seem to give much more information) : 2023-06-16 09:12:06,090 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.> 2023-06-16 09:12:22,891 WARN [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught exception for org.ldaptive.transport.netty.NettyConnection@472298790::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap<mailto:org.ldaptive.transport.netty.NettyConnection@472298790::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap>, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=2023-06-16T09:09:32.569972500Z, connectionConfig=[org.ldaptive.ConnectionConfig@1751226570::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c<mailto:autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c>, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1885893078::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@26a2d23f<mailto:hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@26a2d23f>, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=null, connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1122089449::ldapURLSet=[org.ldaptive.LdapURLSet@1745317225::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]], inactive=[]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@6bd15511<mailto:activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@6bd15511>, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773<mailto:retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773>, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0x560c13d8, L:/127.0.0.1:64781<http://127.0.0.1:64781> - R:localhost/127.0.0.1:389<http://127.0.0.1:389>]> Any localhost firewall rules that may be causing problems? What does the AD logs say? --Daniel Fisher -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/15727e8d-1679-4f1a-b6cb-f959d3d641b0n%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/15727e8d-1679-4f1a-b6cb-f959d3d641b0n%40apereo.org?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/PH0PR02MB75417E3A13B719CCC3384FEECB22A%40PH0PR02MB7541.namprd02.prod.outlook.com.