jasig-cas IRC Logs-2011-10-10

[07:29:56 CDT(-0500)] <foxnesn1> morning

[07:55:44 CDT(-0500)] <foxnesn1> early morning issues with building cas using maven with ldap support

[07:55:47 CDT(-0500)] <foxnesn1> Failed to execute goal on project local-cas: Could not resolve dependencies for project edu.university.cas:local-cas:war:1.0-SNAPSHOT: Could not find artifact org.jasig.org:cas-server-support-ldap:jar:1.0-SNAPSHOT in ja-sig (http://oss.sonatype.org/content/repositories/releases/) -> [Help 1]

[07:58:54 CDT(-0500)] <foxnesn1> hrm seems like i need the spring config, is that something i download/

[07:58:55 CDT(-0500)] <foxnesn1> ?

[08:04:23 CDT(-0500)] <battags> @foxnesn1 are you referring to the LDAP support jar as version ${project.version}?

[08:14:35 CDT(-0500)] <dd> hello

[08:18:29 CDT(-0500)] <dd> may be a dumb question but, i've been following this guide: https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method

[08:18:48 CDT(-0500)] <dd> and i realized that i have maven 3.0.3 installed, not 2

[08:19:12 CDT(-0500)] <dd> will i have a problem continuing using maven 3.0.3?

[08:19:12 CDT(-0500)] <battags> hi. 3.0.3 should be okay

[08:19:15 CDT(-0500)] <dd> ok

[08:19:54 CDT(-0500)] <dd> i was playing around with CAS before I found this guide and I downloaded CAS and deployed it myself. i'd rather do it the best practices way.

[08:20:11 CDT(-0500)] <dd> is it all right to delete the CAS that i downloaded and start fresh the way the guide does?

[08:22:27 CDT(-0500)] <battags> yes that should be fine

[08:22:41 CDT(-0500)] <battags> if you've made any local changes just make sure to transfer them over

[08:34:29 CDT(-0500)] <dd> ok, great

[08:57:32 CDT(-0500)] <foxnesn1> battags: yes, the dependency for the ldap auth header

[08:57:49 CDT(-0500)] <foxnesn1> the same one in the wiki for ldap

[08:59:17 CDT(-0500)] <battags> you need to replace ${project.version} with the version of CAS you plan on using (i.e. 3.4.10)

[09:07:55 CDT(-0500)] <kickehy> foxnesn1: i'll be very interested to see your setup if you get it working with ldap

[09:11:11 CDT(-0500)] <kickehy> every time i change my deployerConfig to work with ldap, i get http://grab.by/b2cx

[09:19:27 CDT(-0500)] <kickehy> is it essential to have the bean "auditTrailManagementAspect"? the tomcat log stdout yells at me about it

[09:28:13 CDT(-0500)] <kickehy> that would be a yes

[09:28:56 CDT(-0500)] <kickehy> sigh...i've spent an entire week pulling my hair out and all i needed was a line referencing the auditTrailManager bean

[09:29:13 CDT(-0500)] <kickehy> learned something new at least (big grin)

[09:32:06 CDT(-0500)] <foxnesn1> oh, duh thanks battags

[09:32:46 CDT(-0500)] <foxnesn1> maven build installed cleanly so that is a good sign

[09:32:53 CDT(-0500)] <foxnesn1> kickehy: does yours at least build?

[09:33:00 CDT(-0500)] <kickehy> yep

[09:33:14 CDT(-0500)] <foxnesn1> so what happens when you enter your credentials in the cas login?

[09:34:11 CDT(-0500)] <kickehy> my problem was that i couldn't even get to the login page when i changed my deployerConfig, but if i left it the default i would at least get to the login page

[09:34:35 CDT(-0500)] <kickehy> but if i try and login...i get a "CAS is Unavailable" error

[09:34:53 CDT(-0500)] <kickehy> i assume i just have something wrong for ldap in the deployerConfig

[09:34:53 CDT(-0500)] <foxnesn1> you restart tomcat after build right?

[09:34:57 CDT(-0500)] <kickehy> yeah

[09:35:39 CDT(-0500)] <foxnesn1> hrm yea

[09:35:47 CDT(-0500)] <foxnesn1> going to the cas login page gives a 404

[09:36:08 CDT(-0500)] <kickehy> after you edited the deployerConfig?

[09:36:12 CDT(-0500)] <foxnesn1> no

[09:36:16 CDT(-0500)] <kickehy> ah

[09:36:26 CDT(-0500)] <foxnesn1> i edit the pom to include the ldap dependency

[09:36:46 CDT(-0500)] <foxnesn1> i edit the deployer to include everything in the wiki that i needs

[09:36:55 CDT(-0500)] <foxnesn1> and edit the ldaps url obviously

[09:37:03 CDT(-0500)] <foxnesn1> build the war

[09:37:44 CDT(-0500)] <foxnesn1> clean build, restart

[09:37:53 CDT(-0500)] <foxnesn1> then error 404 at login

[09:38:44 CDT(-0500)] <kickehy> from my understanding, you build the war first, then edit the deployerConfig file

[09:39:10 CDT(-0500)] <kickehy> then restart tomcat

[09:40:18 CDT(-0500)] <foxnesn1> so you simply add the dependency in the pom.xml file leaving the deployer as is

[09:40:21 CDT(-0500)] <foxnesn1> build it

[09:40:28 CDT(-0500)] <foxnesn1> then edit the deployer?

[09:41:14 CDT(-0500)] <kickehy> i think so because when you build it, it resets the deployerConfig file, at least it did when I tried that

[09:41:39 CDT(-0500)] <foxnesn1> ah then you have to build it again

[09:41:49 CDT(-0500)] <foxnesn1> at least according to the best practices doc

[09:42:16 CDT(-0500)] <kickehy> shrug maybe i'm doing it wrong (tongue)

[09:46:52 CDT(-0500)] <kickehy> can anyone else shed some light on that?

[09:51:33 CDT(-0500)] <kickehy> foxnesn1: when I followed the end-to-end windows example, it has you rebuild as well, but when i copied the war file into the tomcat webapps folder and started tomcat, all the changes i had made to the deployerConfig were gone and it was the default deployerConfig file

[10:33:58 CDT(-0500)] <foxnesn1> hrm

[10:34:08 CDT(-0500)] <foxnesn1> so i wiped out src and target dirs

[10:34:23 CDT(-0500)] <foxnesn1> included the ldap dependency in pom.xml and built it

[10:34:40 CDT(-0500)] <foxnesn1> then i rebuilt the src/main/webapp/WEB-INF dir

[10:35:01 CDT(-0500)] <foxnesn1> created the deployerConfigContext.xml with the ldap stuff i need

[10:35:11 CDT(-0500)] <foxnesn1> rebuilt it and then copied the war file to tomcat

[10:35:30 CDT(-0500)] <foxnesn1> restarted tomcat and when i go to cas/login it immediately authenticates me

[10:35:40 CDT(-0500)] <kickehy> heh

[10:35:46 CDT(-0500)] <kickehy> you're further than i am

[10:35:46 CDT(-0500)] <foxnesn1> im not sure if that is because i am logged into the domain i am testing

[10:35:47 CDT(-0500)] <foxnesn1> or what

[10:36:02 CDT(-0500)] <foxnesn1> but it shouldnt auto authenticate

[10:36:09 CDT(-0500)] <kickehy> mine tells me that it can't find the user i specified

[10:36:19 CDT(-0500)] <kickehy> so my lookups are wrong i guess

[10:36:52 CDT(-0500)] <foxnesn1> oh yea know what i still have the original beans in my deployer but that shouldnt matter because even with the default auth beans you still need to login

[10:37:12 CDT(-0500)] <foxnesn1> or maybe i need those auth beans for login who knows

[10:37:41 CDT(-0500)] <foxnesn1> oh wait, browser cache duh

[10:38:10 CDT(-0500)] <kickehy> foxnesn1: is your directory search just your DN=domain,DN=edu?

[10:39:16 CDT(-0500)] <foxnesn1> no

[10:39:38 CDT(-0500)] <foxnesn1> i need to edit the deployer to exclude the basic login auth

[10:40:15 CDT(-0500)] <atilling_> also you may need to clear cookies

[10:40:37 CDT(-0500)] <foxnesn1> yes, i just cleared cookies so i get the login page

[10:40:42 CDT(-0500)] <atilling_> if you logged in with the old deployer settings you have a TGT cookie

[10:40:47 CDT(-0500)] <foxnesn1> but it only authenticates against using the same username/pass

[10:41:09 CDT(-0500)] <foxnesn1> not even scott/secret works which is included in the deployer

[10:42:24 CDT(-0500)] <atilling_> you need to recheck what you have in the list <property name="authenticationHandlers">

[10:42:33 CDT(-0500)] <foxnesn1> ok

[10:43:35 CDT(-0500)] <atilling_> once you have moved to your own maven overlay that section in your config should only have the bindAuth you are using

[10:43:57 CDT(-0500)] <foxnesn1> if i have the ldap dependency should i get rif of the support-generic?

[10:44:05 CDT(-0500)] <foxnesn1> rid

[10:44:11 CDT(-0500)] <atilling_> yes

[10:44:31 CDT(-0500)] <foxnesn1> what about webapp?

[10:44:40 CDT(-0500)] <foxnesn1> im assuming i need that for webapps heh

[10:45:16 CDT(-0500)] <atilling_> yes, if you remove that from the pom the overlay process won't work

[10:45:23 CDT(-0500)] <foxnesn1> good to know

[10:45:54 CDT(-0500)] <atilling_> webapps is where maven gets all the pieces you haven't overridden

[10:59:22 CDT(-0500)] <foxnesn1> lol what did i just do. i wiped out the src and target again to start fresh and even used the fresh pom.xml from the wiki and it says...

[10:59:37 CDT(-0500)] <foxnesn1> The project (/home/tomcat/workspace/local-cas/pom.xml) has 1 error

[10:59:37 CDT(-0500)] <foxnesn1> [ERROR] Non-parseable POM /home/tomcat/workspace/local-cas/pom.xml: markup not allowed inside attribute value - illegal < (position: START_DOCUMENT seen ... xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 >\n <... @5:6) @ line 5, column 6 -> [Help 2]

[10:59:56 CDT(-0500)] <kickehy> you probably need to delete the .m2 folder in your user's directory

[11:00:01 CDT(-0500)] <foxnesn1> oo

[11:00:16 CDT(-0500)] <kickehy> i think i ran into that before

[11:00:35 CDT(-0500)] <kickehy> well that's if you're running a windows box

[11:00:40 CDT(-0500)] <kickehy> i'm not sure on linux/unix

[11:01:36 CDT(-0500)] <kickehy> if that screws everything up, i apologize ahead of time

[11:01:56 CDT(-0500)] <atilling_> no .m2 is probably fine

[11:02:16 CDT(-0500)] <kickehy> yeah, i'll be quiet (tongue)

[11:02:20 CDT(-0500)] <atilling_> it looks like you have an extra character in the pom

[11:02:50 CDT(-0500)] <atilling_> looks like the line returns came across as \n

[11:04:33 CDT(-0500)] <foxnesn1> weird this doesnt make any sense

[11:04:39 CDT(-0500)] <foxnesn1> i must look closer

[11:04:49 CDT(-0500)] <atilling_> does every line in the pom end with a \n ?

[11:07:47 CDT(-0500)] <foxnesn1> grr

[11:10:26 CDT(-0500)] <kickehy> if you're going to just authenticate through ldap, do you only need the ldap and webapp dependencies?

[11:10:33 CDT(-0500)] <kickehy> for the pom.xml

[11:10:34 CDT(-0500)] <foxnesn1> kickehy: i believe so

[11:10:46 CDT(-0500)] <atilling_> correct

[11:11:07 CDT(-0500)] <kickehy> i may rebuild then just to keep it clean

[11:11:08 CDT(-0500)] <foxnesn1> this says illegal \n at 5:6 and im looking at that line and there is no \n at all it is a string of letters

[11:11:11 CDT(-0500)] <foxnesn1> lol

[11:11:54 CDT(-0500)] <atilling_> can you paste the first 5 lines of your pom ?

[11:12:42 CDT(-0500)] <foxnesn1> <?xml version="1.0" encoding="UTF-8"?>

[11:12:42 CDT(-0500)] <foxnesn1> <project xmlns="http://maven.apache.org/POM/4.0.0"

[11:12:42 CDT(-0500)] <foxnesn1> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

[11:12:42 CDT(-0500)] <foxnesn1> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 >

[11:12:42 CDT(-0500)] <foxnesn1> <modelVersion>4.0.0</modelVersion>

[11:12:45 CDT(-0500)] <foxnesn1> <groupId>edu.university.cas</groupId>

[11:12:47 CDT(-0500)] <foxnesn1> <artifactId>local-cas</artifactId>

[11:12:50 CDT(-0500)] <foxnesn1> <packaging>war</packaging>

[11:12:52 CDT(-0500)] <foxnesn1> <version>1.0-SNAPSHOT</version>

[11:12:55 CDT(-0500)] <foxnesn1> woops ill use pastebin

[11:13:03 CDT(-0500)] <atilling_> nope no need

[11:13:04 CDT(-0500)] <kickehy> foxnesn1: http://pastie.org/

[11:13:10 CDT(-0500)] <atilling_> you're missing a "

[11:13:19 CDT(-0500)] <kickehy> (big grin)

[11:13:32 CDT(-0500)] <atilling_> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > needs to be xsi:schemaLocation="http://maven.apache.org/POM/4.0.0" >

[11:13:53 CDT(-0500)] <foxnesn1> lol that is in the best practices section

[11:13:57 CDT(-0500)] <foxnesn1> i guess that should be fixed

[11:16:40 CDT(-0500)] <atilling_> it's a wiki display issue - wiki is trying to make a link

[11:16:47 CDT(-0500)] <atilling_> the line actually is <project xmlns="http://maven.apache.org/POM/4.0.0"

[11:16:47 CDT(-0500)] <atilling_> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

[11:16:47 CDT(-0500)] <atilling_> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

[11:16:51 CDT(-0500)] <foxnesn1> oh i see

[11:18:08 CDT(-0500)] <kickehy> foxnesn1: does your config use pooled results?

[11:18:14 CDT(-0500)] <foxnesn1> yes lol

[11:18:18 CDT(-0500)] <foxnesn1> but sorry im fighting this thing

[11:18:37 CDT(-0500)] <kickehy> heh understandable

[11:23:01 CDT(-0500)] <atilling_> sorry about the wiki display issue there I was going to correct the topic but not sure how to correct the wiki formatting on that

[11:28:15 CDT(-0500)] <kickehy> http://pastie.org/2671831 <---that's what I did for my pom.xml

[11:30:34 CDT(-0500)] <atilling_> that should be a good pom

[11:31:35 CDT(-0500)] <kickehy> didn't get any errors in the tomcat logs so i hope so (big grin)

[11:33:34 CDT(-0500)] <kickehy> now i just have to figure out why it's not looking up my users in ldap

[11:35:31 CDT(-0500)] <atilling_> here is a deployerConfig without pooling http://pastie.org/2671861

[11:39:10 CDT(-0500)] <kickehy> atilling_: do you really even need the other "credentialsToPrincipalResolvers" besides the LDAP one?

[11:39:43 CDT(-0500)] <kickehy> in that example

[11:41:12 CDT(-0500)] <atilling_> depends on what you are doing down the line

[11:41:16 CDT(-0500)] <atilling_> We do

[11:42:07 CDT(-0500)] <atilling_> and I believe you need <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> for the login page to accept the username and password

[11:42:29 CDT(-0500)] <kickehy> oh

[11:43:08 CDT(-0500)] <kickehy> i wonder if that's my problem

[11:43:32 CDT(-0500)] <atilling_> you could skip that one if the username and password are coming in via another method - like a smart card

[11:46:12 CDT(-0500)] <kickehy> lunch time (big grin)

[11:58:42 CDT(-0500)] <foxnesn1> wow i had to handtype that pom.xml

[12:05:10 CDT(-0500)] <foxnesn1> i blame it on being monday

[12:15:12 CDT(-0500)] <atilling_> good answer

[12:19:52 CDT(-0500)] <kickehy> i just want to clarify something in my mind, but if i set the searchBase to "DC=domain,DC=edu" it should traverse all the folders and subfolders in AD correct?

[12:25:37 CDT(-0500)] <atilling_> correct

[12:29:34 CDT(-0500)] <kickehy> when you enter in the username, do you do: domain\loginID

[12:30:08 CDT(-0500)] <foxnesn1> enter the username where?

[12:30:10 CDT(-0500)] <foxnesn1> in CAS?

[12:30:12 CDT(-0500)] <kickehy> yes

[12:30:18 CDT(-0500)] <foxnesn1> no just your loginID i believe

[12:30:29 CDT(-0500)] <foxnesn1> since it already knows which domain you want which is what you set it up as

[12:30:30 CDT(-0500)] <atilling_> depends on your filter settings

[12:30:46 CDT(-0500)] <atilling_> with the config we have no - just userid

[12:31:36 CDT(-0500)] <atilling_> but with the filter you can have it anyway you want it

[12:33:28 CDT(-0500)] <kickehy> ok good

[12:33:36 CDT(-0500)] <kickehy> that's what i wanted anyways (big grin)

[12:42:16 CDT(-0500)] <foxnesn1> atilling_: in that ldap config you posted, you are not using pooled and you are not using the config from the wiki correct?

[12:50:51 CDT(-0500)] <kickehy> foxnesn1: which wiki article are you using?

[12:54:17 CDT(-0500)] <foxnesn1> ldap authentication handler

[12:54:20 CDT(-0500)] <foxnesn1> well im making progress

[12:54:38 CDT(-0500)] <foxnesn1> cas login shows and now i get a msg about credentials not being verified

[12:54:45 CDT(-0500)] <foxnesn1> which is good i guess since it is actually trying

[12:54:48 CDT(-0500)] <kickehy> good (big grin) I can't get cas to find my ldap users when it searches

[12:54:52 CDT(-0500)] <foxnesn1> but it is not hitting the ldap

[12:55:22 CDT(-0500)] <kickehy> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]

[12:55:26 CDT(-0500)] <kickehy> that's what i get

[12:55:37 CDT(-0500)] <kickehy> and my understanding is that data 525 means it can't find the user

[12:57:19 CDT(-0500)] <kickehy> also, my deployerConfig won't work right unless i have these lines at the bottom:

[12:57:22 CDT(-0500)] <kickehy> <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />

[12:57:25 CDT(-0500)] <kickehy> <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

[12:57:52 CDT(-0500)] <atilling_> those are the default entries

[12:58:11 CDT(-0500)] <kickehy> if i take them out i don't get the cas login page anymore

[12:58:20 CDT(-0500)] <kickehy> i'm not sure what they're for (tongue)

[12:58:28 CDT(-0500)] <atilling_> Mine aren't in the deployer config as I have more complex config and they exist in other files

[13:06:31 CDT(-0500)] <kickehy> what does the service registry do?

[13:06:46 CDT(-0500)] <kickehy> i assume it deals with ticketing

[13:07:01 CDT(-0500)] <atilling_> controls what CASified services can connect to your server

[13:07:38 CDT(-0500)] <atilling_> with the default setting any application that points to your cas server can validate users

[13:08:14 CDT(-0500)] <foxnesn1> where can i look to find out why this is happening? i checked the tomcat logs and nothing

[13:08:18 CDT(-0500)] <foxnesn1> The credentials you provided cannot be determined to be authentic.

[13:08:20 CDT(-0500)] <atilling_> https://wiki.jasig.org/display/CASUM/Services+Management

[13:08:33 CDT(-0500)] <foxnesn1> im assuming it means it is not hitting the ldap

[13:09:03 CDT(-0500)] <atilling_> in your WEB-INF/classes/log4j.xml you might want to set your log threshold to debug while testing

[13:09:25 CDT(-0500)] <atilling_> DO NOT leave them at debug as passwords are logged in DEBUG

[13:10:24 CDT(-0500)] <kickehy> heh i can't get to that services page

[13:11:47 CDT(-0500)] <atilling_> odd, on the CAS manual/wiki page it's in the lower left nav

[13:12:39 CDT(-0500)] <kickehy> as in, it's requiring me to login

[13:12:41 CDT(-0500)] <kickehy> and i can't

[13:13:18 CDT(-0500)] <atilling_> ahh, right - with the org.jasig.cas.services.InMemoryServiceRegistryDaoImpl there is nothing to log into

[13:18:00 CDT(-0500)] <kickehy> is there a best practices wiki for that?

[13:18:50 CDT(-0500)] <atilling_> I don't know, best practice would be to enable services management

[13:18:55 CDT(-0500)] <atilling_> but not required

[13:18:59 CDT(-0500)] <kickehy> heh

[13:22:47 CDT(-0500)] <foxnesn1> wow no errors anywhere

[13:23:16 CDT(-0500)] <foxnesn1> i even turned it to ldap and not ldaps to see if it was an ssl issue

[13:25:40 CDT(-0500)] <atilling_> if you have debug on you should see a ton of information in your catalina.out file

[13:26:56 CDT(-0500)] <kickehy> atilling_: i guess i just don't understand how to enable services management

[13:28:34 CDT(-0500)] <atilling_> if you want services management you need to change the impl to a JPA one or some other persistent container

[13:30:39 CDT(-0500)] <kickehy> mmmm so i should setup MySQL then

[13:32:46 CDT(-0500)] <kickehy> atilling_: you're referring to something like https://wiki.jasig.org/display/CASUM/JpaTicketRegistry correct?

[13:37:27 CDT(-0500)] <kickehy> that's it....no more turntable...EVAR

[13:37:36 CDT(-0500)] <kickehy> sigh

[13:37:40 CDT(-0500)] <atilling_> right

[13:37:42 CDT(-0500)] <kickehy> wrong channel

[13:37:44 CDT(-0500)] <kickehy> lol

[13:38:55 CDT(-0500)] <foxnesn1> ok

[13:39:02 CDT(-0500)] <foxnesn1> WHAT: error.authentication.credentials.bad

[13:39:02 CDT(-0500)] <foxnesn1> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED

[13:39:02 CDT(-0500)] <foxnesn1> APPLICATION: CAS

[13:39:15 CDT(-0500)] <foxnesn1> so that must mean it is hitting the cas

[13:39:19 CDT(-0500)] <foxnesn1> er the ldap

[13:39:26 CDT(-0500)] <foxnesn1> or maybe not

[13:40:27 CDT(-0500)] <atilling_> That JPA information is correct but you want a JPA service registry

[13:41:13 CDT(-0500)] <kickehy> hehe foxnesn1 you're in the same boat as me (tongue)

[13:41:19 CDT(-0500)] <foxnesn1> does CAS output if it can actually connect to the ldap or not?

[13:43:05 CDT(-0500)] <foxnesn1> i must not have my authentication handler setup

[13:43:10 CDT(-0500)] <foxnesn1> properly

[13:43:57 CDT(-0500)] <atilling_> the debug output in the logs should tell you what's going on

[13:44:37 CDT(-0500)] <atilling_> it will indicate whether it connected to LDAP or not and what filter it used to find the principal

[13:45:07 CDT(-0500)] <atilling_> in the log4j did you set all the filters to debug or just one?

[13:48:55 CDT(-0500)] <atilling_> if all of the debugging is enabled a single login is over 100 lines in the log

[14:27:45 CDT(-0500)] <foxnesn1> i dont understand what value userDN is looking for

[14:28:10 CDT(-0500)] <foxnesn1> the userDN i have in AD included the OU fields and everything

[14:28:16 CDT(-0500)] <foxnesn1> includes*

[14:52:45 CDT(-0500)] <foxnesn1> hrm you would think this would be easier

[14:53:17 CDT(-0500)] <foxnesn1> ive gotten PWM, a password self service solution to work with the AD

[14:54:21 CDT(-0500)] <foxnesn1> and with basic auth on the CAS i was able to get one of our cas clients to work

[14:54:31 CDT(-0500)] <foxnesn1> now setting up against the AD is proving tasking

[15:33:14 CDT(-0500)] <atilling_> LDAP usually isn't too bad, usually don't need to know your dn

[15:36:13 CDT(-0500)] <atilling_> the deployer config I provide is one for connecting to AD

[15:36:25 CDT(-0500)] <foxnesn1> i saw that

[15:36:27 CDT(-0500)] <foxnesn1> doesnt work

[15:36:40 CDT(-0500)] <foxnesn1> im wondering if it has something to do with me using a self signed cert

[15:36:44 CDT(-0500)] <atilling_> are you doing bindAuth or Fast Bind?

[15:36:47 CDT(-0500)] <foxnesn1> it wont even connect

[15:36:55 CDT(-0500)] <atilling_> Self signed on CAS or LDAP?

[15:37:16 CDT(-0500)] <foxnesn1> im doing whatever is in the deployer you pasted

[15:37:25 CDT(-0500)] <foxnesn1> and the ldap is self signed i think

[15:37:33 CDT(-0500)] <foxnesn1> or tomcat isnt pointed to the right CA

[15:37:39 CDT(-0500)] <atilling_> if your ldap SSL is self signed that is a real hassle

[15:37:53 CDT(-0500)] <foxnesn1> well no we have a real CA

[15:38:00 CDT(-0500)] <atilling_> try connecting to ldap and 389 instead of ldaps and 636

[15:38:11 CDT(-0500)] <foxnesn1> yea i did that and it still wouldnt connect

[15:38:34 CDT(-0500)] <foxnesn1> a deployerconfig for something like AD should really only be a handful of lines

[15:38:44 CDT(-0500)] <atilling_> right it should

[15:39:10 CDT(-0500)] <atilling_> are you connecting with the right user?

[15:39:13 CDT(-0500)] <foxnesn1> tell it where to connect to, what the credentials are to search, how to search and where

[15:39:29 CDT(-0500)] <foxnesn1> i am connecting with a user that is an Account Operator

[15:39:43 CDT(-0500)] <atilling_> for us the user DN is <user>@conncoll.edu

[15:40:21 CDT(-0500)] <foxnesn1> that is our user principal name

[15:40:54 CDT(-0500)] <foxnesn1> that cas user only needs to be able to read the directory right?

[15:41:29 CDT(-0500)] <atilling_> I'm referring to the contextSource the user dn - in our case with ldap it's ldapro@conncoll.edu

[15:41:52 CDT(-0500)] <atilling_> right read-only is all it needs

[15:43:21 CDT(-0500)] <foxnesn1> hrm ill try that now

[15:44:10 CDT(-0500)] <foxnesn1> also i set all my logs to DEBUG and im still not getting a ton of output

[15:44:49 CDT(-0500)] <atilling_> that is very odd - try checking the cas.log file then

[15:45:11 CDT(-0500)] <atilling_> your tomcat log settings might be overriding the cas log settings

[15:46:00 CDT(-0500)] <foxnesn1> also the cas.log file outputs this

[15:46:02 CDT(-0500)] <foxnesn1> 2011-10-10 16:44:24,895 WARN [org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler] - org.jasig.cas.authenticatio

[15:46:12 CDT(-0500)] <foxnesn1> which makes no sense since that isnt included anywhere in the deployer

[15:46:58 CDT(-0500)] <atilling_> try in your overlay directory doing a mvn clean, then mvn package

[15:47:34 CDT(-0500)] <foxnesn1> ok yea cause it says

[15:47:36 CDT(-0500)] <foxnesn1> .SimpleTestUsernamePasswordAuthenticationHandler failed to authenticate the user which provided the following credentials: [username:

[15:47:41 CDT(-0500)] <foxnesn1> with the username im using

[15:47:44 CDT(-0500)] <foxnesn1> very weird

[15:48:37 CDT(-0500)] <atilling_> unless you do a mvn clean the old jar will still be in your war

[15:48:42 CDT(-0500)] <foxnesn1> the overlay dir is the one in my home or the tomcat one?

[15:48:50 CDT(-0500)] <foxnesn1> i always do mvn clean package

[15:48:52 CDT(-0500)] <atilling_> your home

[15:48:53 CDT(-0500)] <atilling_> ok

[15:49:02 CDT(-0500)] <foxnesn1> well i just did mvn clean and got

[15:49:12 CDT(-0500)] <foxnesn1> Some problems were encountered while building the effective model for edu.university.cas:local-cas:war:1.0-SNAPSHOT

[15:49:16 CDT(-0500)] <foxnesn1> [WARNING] 'build.plugins.plugin.version' for org.apache.maven.plugins:maven-war-plugin is missing. @ line 13, column 21

[15:49:50 CDT(-0500)] <atilling_> do you have a properties section declaring the cas.version?

[15:50:37 CDT(-0500)] <kickehy> is there any way of knowing if the correct tables were created for my MySQL database?

[15:50:48 CDT(-0500)] <foxnesn1> kickehy: login to it and check heh

[15:51:02 CDT(-0500)] <kickehy> well that's the thing...mysql is confusing to me

[15:51:13 CDT(-0500)] <foxnesn1> atilling_: i had one in the target dir of the overlay but i dont know if it declared a version

[15:51:26 CDT(-0500)] <foxnesn1> or do you mean the pom.xml?

[15:51:43 CDT(-0500)] <kickehy> no, the actual mysql database

[15:51:53 CDT(-0500)] <kickehy> i assume it uses 'mysql' by default?

[15:52:29 CDT(-0500)] <foxnesn1> windows or linux?

[15:52:32 CDT(-0500)] <kickehy> windows

[15:52:41 CDT(-0500)] <atilling_> ok my statement about cas.version was referring to your pom.xml

[15:52:43 CDT(-0500)] <foxnesn1> if windows you could always install phpmyadmin or another client

[15:53:08 CDT(-0500)] <foxnesn1> the build plugins part of pom does not contain a version

[15:53:26 CDT(-0500)] <foxnesn1> only the two dependencies and the main properties has version numbers

[15:53:31 CDT(-0500)] <foxnesn1> 3.4.10

[15:54:01 CDT(-0500)] <foxnesn1> http://pastie.org/2673345

[15:54:04 CDT(-0500)] <foxnesn1> that is my pom

[15:55:43 CDT(-0500)] <atilling_> ok the dependency could have a version of ${cas.version} because you have a properties section, if you specify 3.4.10 you don't need the properties

[15:56:43 CDT(-0500)] <atilling_> what version of maven are you using?

[15:57:03 CDT(-0500)] <atilling_> 3.0.3?

[15:58:03 CDT(-0500)] <foxnesn1> yup

[15:58:12 CDT(-0500)] <atilling_> you may need to update the build plugin

[15:58:13 CDT(-0500)] <atilling_> <groupId>org.apache.maven.plugins</groupId>

[15:58:14 CDT(-0500)] <atilling_> <artifactId>maven-war-plugin</artifactId>

[15:58:14 CDT(-0500)] <atilling_> <version>2.1.1</version>

[15:59:55 CDT(-0500)] <foxnesn1> why 2.1.1 ?

[16:00:18 CDT(-0500)] <atilling_> I believe that's the latest version of maven-war-plugin

[16:02:10 CDT(-0500)] <atilling_> well end of day here for me, good luck and I'll probably be on tomorrow

[16:02:11 CDT(-0500)] <foxnesn1> ok it cleans now

[16:02:18 CDT(-0500)] <foxnesn1> ok thanks for all your help

[16:02:22 CDT(-0500)] <foxnesn1> i will get this !

[16:02:30 CDT(-0500)] <atilling_> no problem, glad to help

[16:07:16 CDT(-0500)] <kickehy> foxnesn1: see isn't it fun _

[21:54:21 CDT(-0500)] <foxnesn1> i believe there needs to be documentation specifically on the deployerConfig and everything it does. what is needed and what is extra and which parts address LDAP and other auths

[21:55:04 CDT(-0500)] <foxnesn1> the wiki unfortunately is confusing as it provides some level of explanation but then confuses by providing examples to the contrary.

[21:55:57 CDT(-0500)] <foxnesn1> to set up ldap should be fairly simple

[21:56:24 CDT(-0500)] <foxnesn1> choose a manager, choose a handler, enter credentials to connect