It works for SSHA password without configuration or change.
Exemple for CAS 6.0.5 provided by cas-overlay-6.0 and ldap Oracle Directory Server 11.
cas.properties :
cas.server.name=https://yourServer:8443
cas.server.prefix=${cas.server.name}/cas
# usefull to modifiy log level. Right path for cas-overlay-6.0
logging.config=file:/etc/cas/config/log4j2.xml
# connexion au ldap sur votre serveur ldap en anonyme
###############################################################################
cas.authn.ldap[0].ldapUrl=ldap://myServer.fr:389/
cas.authn.ldap[0].type=ANONYMOUS
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
# connexion au ldap en mode authentifié
###############################################################################
#cas.authn.ldap[0].ldapUrl=ldap://myServer.fr:389/
#cas.authn.ldap[0].useSsl=false
#cas.authn.ldap[0].useStartTls=false
#cas.authn.ldap[0].type=AUTHENTICATED
## Identifiant pour se connecter au LDAP
#cas.authn.ldap[0].bindDn=cn=Directory Manager
#cas.authn.ldap[0].bindCredential=myPassword
# search for cas user who try to test login connection
################################################################################
cas.authn.ldap[0].baseDn=ou=XXXXXX,ou=educ,o=gouv,c=fr
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=(&(objectClass=person)(uid={user}))
#cas.authn.ldap[0].searchFilter=uid={user}
#cas.authn.ldap[0].principalAttributeList=cn,givenName,mail,sn
With cas-overlay-6.0 you need to copy conf :
./build.sh copy
for testing when something goes wrong :
cas server side :
telnet yourLdapServer.fr 389
must works !
ldapsearch -h yourLdapServer.fr -D "cn=Directory Manager" -w yourPassword -b "ou=personnels,ou=XXXXX,ou=educ,o=gouv,c=fr" uid=loginTest
or anonyme connexion
ldapsearch -h yourLdapServer.fr -x -b "ou=personnels,ou=XXXXX,ou=educ,o=gouv,c=fr" uid=loginTest
must provide card
ldap server side
tcpdump -v -i eth0 -s 0 -A 'tcp dst port 389'
must provide line like this (when you run ldapsearch or cas test login connection) :
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:04:23.846472 IP (tos 0x0, ttl 64, id 19303, offset 0, flags [DF], proto 6, length: 60) yourCasServer.fr.59810 > yourLdapServer.ldap: S [tcp sum ok] ...
if connection between cas and ldap fails correct this lines in cas.properties :
cas.authn.ldap[0].ldapUrl=ldap://myServer.fr:389/
cas.authn.ldap[0].type=ANONYMOUS
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
when connection between cas and ldap is ok check cas log and acces ldap log for more information !
principalAttributePassword=userPassword). – EricLavaultbindDnandbaseDn. Where are located user entries in your directoriy ? Please provide a sample user dn. Also it seems your config is missing some parameters. – EricLavaultcn=Directory Manager,dc=example,dc=com?) look for the exact entry's dn in the DIT on the left pane in Apache DS. – EricLavault