jasig-cas IRC Logs-2011-10-10
[07:29:56 CDT(-0500)] <foxnesn1> morning
[07:55:44 CDT(-0500)] <foxnesn1> early morning issues with building cas using maven with ldap support
[07:55:47 CDT(-0500)] <foxnesn1> Failed to execute goal on project local-cas: Could not resolve dependencies for project edu.university.cas:local-cas:war:1.0-SNAPSHOT: Could not find artifact org.jasig.org:cas-server-support-ldap:jar:1.0-SNAPSHOT in ja-sig (http://oss.sonatype.org/content/repositories/releases/) -> [Help 1]
[07:58:54 CDT(-0500)] <foxnesn1> hrm seems like i need the spring config, is that something i download/
[07:58:55 CDT(-0500)] <foxnesn1> ?
[08:04:23 CDT(-0500)] <battags> @foxnesn1 are you referring to the LDAP support jar as version $ ?
[08:14:35 CDT(-0500)] <dd> hello
[08:18:29 CDT(-0500)] <dd> may be a dumb question but, i've been following this guide: https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
[08:18:48 CDT(-0500)] <dd> and i realized that i have maven 3.0.3 installed, not 2
[08:19:12 CDT(-0500)] <dd> will i have a problem continuing using maven 3.0.3?
[08:19:12 CDT(-0500)] <battags> hi. 3.0.3 should be okay
[08:19:15 CDT(-0500)] <dd> ok
[08:19:54 CDT(-0500)] <dd> i was playing around with CAS before I found this guide and I downloaded CAS and deployed it myself. i rather do it the best practices way.
[08:20:11 CDT(-0500)] <dd> is it all right to delete the CAS that i downloaded and start fresh the way the guide does?
[08:22:27 CDT(-0500)] <battags> yes that should be fine
[08:22:41 CDT(-0500)] <battags> if you've made any local changes just make sure to transfer them over
[08:34:29 CDT(-0500)] <dd> ok, great
[08:57:32 CDT(-0500)] <foxnesn1> battags: yes, the dependency for the ldap auth header
[08:57:49 CDT(-0500)] <foxnesn1> the same one in the wiki for ldap
[08:59:17 CDT(-0500)] <battags> you need to replace $ with the version of CAS you plan on using (i.e. 3.4.10)
[09:07:55 CDT(-0500)] <kickehy> foxnesn1: i'll be very interested to see your setup if you get it working with ldap
[09:11:11 CDT(-0500)] <kickehy> every time i change my deployerConfig to work with ldap, i get http://grab.by/b2cx
[09:19:27 CDT(-0500)] <kickehy> is it essential to have the bean "auditTrailManagementAspect"? the tomcat log stdout yells at me about it
[09:28:13 CDT(-0500)] <kickehy> that would be a yes
[09:28:56 CDT(-0500)] <kickehy> sigh...i've spent an entire week pulling my hair out and all i needed was a line referencing the auditTrailManager bean
[09:29:13 CDT(-0500)] <kickehy> learned something new at least
[09:32:06 CDT(-0500)] <foxnesn1> oh, duh thanks battags
[09:32:46 CDT(-0500)] <foxnesn1> maven build installed cleanly so that is a good sign
[09:32:53 CDT(-0500)] <foxnesn1> kickehy: does yours at least build?
[09:33:00 CDT(-0500)] <kickehy> yep
[09:33:14 CDT(-0500)] <foxnesn1> so what happens when you enter your credentials in the cas login?
[09:34:11 CDT(-0500)] <kickehy> my problem was that i couldn't even get to the login page when i changed my deployerConfig, but if i left it the default i would at least get to the login page
[09:34:35 CDT(-0500)] <kickehy> but if i try and login...i get a "CAS is Unavailable" error
[09:34:53 CDT(-0500)] <kickehy> i assume i just have something wrong for ldap in the deployerConfig
[09:34:53 CDT(-0500)] <foxnesn1> you restart tomcat after build right?
[09:34:57 CDT(-0500)] <kickehy> yeah
[09:35:39 CDT(-0500)] <foxnesn1> hrm yea
[09:35:47 CDT(-0500)] <foxnesn1> going to the cas login page gives a 404
[09:36:08 CDT(-0500)] <kickehy> after you edited the deployerConfig?
[09:36:12 CDT(-0500)] <foxnesn1> no
[09:36:16 CDT(-0500)] <kickehy> ah
[09:36:26 CDT(-0500)] <foxnesn1> i edit the pom to include the ldap dependency
[09:36:46 CDT(-0500)] <foxnesn1> i edit the deployer to include everything in the wiki that i need
[09:36:55 CDT(-0500)] <foxnesn1> and edit the ldaps url obviously
[09:37:03 CDT(-0500)] <foxnesn1> build the war
[09:37:44 CDT(-0500)] <foxnesn1> clean build, restart
[09:37:53 CDT(-0500)] <foxnesn1> then error 404 at login
[09:38:44 CDT(-0500)] <kickehy> from my understanding, you build the war first, then edit the deployerConfig file
[09:39:10 CDT(-0500)] <kickehy> then restart tomcat
[09:40:18 CDT(-0500)] <foxnesn1> so you simply add the dependency in the pom.xml file leaving the deployer as is
[09:40:21 CDT(-0500)] <foxnesn1> build it
[09:40:28 CDT(-0500)] <foxnesn1> then edit the deployer?
[09:41:14 CDT(-0500)] <kickehy> i think so because when you build it, it resets the deployerConfig file, at least it did when I tried that
[09:41:39 CDT(-0500)] <foxnesn1> ah then you have to build it again
[09:41:49 CDT(-0500)] <foxnesn1> at least according to the best practices doc
[09:42:16 CDT(-0500)] <kickehy> shrug maybe i'm doing it wrong
[09:46:52 CDT(-0500)] <kickehy> can anyone else shed some light on that?
[09:51:33 CDT(-0500)] <kickehy> foxnesn1: when I followed the end-to-end windows example, it has you rebuild as well, but when i copied the war file into the tomcat webapps folder and started tomcat, all the changes i had made to the deployerConfig were gone and it was the default deployerConfig file
[10:33:58 CDT(-0500)] <foxnesn1> hrm
[10:34:08 CDT(-0500)] <foxnesn1> so i wiped out src and target dirs
[10:34:23 CDT(-0500)] <foxnesn1> included the ldap dependency in pom.xml and built it
[10:34:40 CDT(-0500)] <foxnesn1> then i rebuilt the src/main/webapp/WEB-INF dir
[10:35:01 CDT(-0500)] <foxnesn1> created the deployerConfigContext.xml with the ldap stuff i need
[10:35:11 CDT(-0500)] <foxnesn1> rebuilt it and then copied the war file to tomcat
[10:35:30 CDT(-0500)] <foxnesn1> restarted tomcat and when i go to cas/login it immediately authenticates me
[10:35:40 CDT(-0500)] <kickehy> heh
[10:35:46 CDT(-0500)] <kickehy> you're further than i am
[10:35:46 CDT(-0500)] <foxnesn1> im not sure if that is because i am logged into the domain i am testing
[10:35:47 CDT(-0500)] <foxnesn1> or what
[10:36:02 CDT(-0500)] <foxnesn1> but it shouldnt auto authenticate
[10:36:09 CDT(-0500)] <kickehy> mine tells me that it can't find the user i specified
[10:36:19 CDT(-0500)] <kickehy> so my lookups are wrong i guess
[10:36:52 CDT(-0500)] <foxnesn1> oh yea know what i still have the original beans in my deployer but that shouldnt matter because even with the default auth beans you still need to login
[10:37:12 CDT(-0500)] <foxnesn1> or maybe i need those auth beans for login who knows
[10:37:41 CDT(-0500)] <foxnesn1> oh wait, browser cache duh
[10:38:10 CDT(-0500)] <kickehy> foxnesn1: is your directory search just your DN=domain,DN=edu?
[10:39:16 CDT(-0500)] <foxnesn1> no
[10:39:38 CDT(-0500)] <foxnesn1> i need to edit the deployer to exclude the basic login auth
[10:40:15 CDT(-0500)] <atilling_> also you may need to clear cookies
[10:40:37 CDT(-0500)] <foxnesn1> yes, i just cleared cookies so i get the login page
[10:40:42 CDT(-0500)] <atilling_> if you logged in with the old deployer settings you have a TGT cookie
[10:40:47 CDT(-0500)] <foxnesn1> but it only authenticates against using the same username/pass
[10:41:09 CDT(-0500)] <foxnesn1> not even scott/secret works which is included in the deployer
[10:42:24 CDT(-0500)] <atilling_> you need to recheck what you have in the list <property name="authenticationHandlers">
[10:42:33 CDT(-0500)] <foxnesn1> ok
[10:43:35 CDT(-0500)] <atilling_> once you have moved to your own maven overlay that section in your config should only have the bindAuth you are using
[10:43:57 CDT(-0500)] <foxnesn1> if i have the ldap dependency should i get rif of the support-generic?
[10:44:05 CDT(-0500)] <foxnesn1> rid
[10:44:11 CDT(-0500)] <atilling_> yes
[10:44:31 CDT(-0500)] <foxnesn1> what about webapp?
[10:44:40 CDT(-0500)] <foxnesn1> im assuming i need that for webapps heh
[10:45:16 CDT(-0500)] <atilling_> yes, if you remove that from the pom the overlay process won't work
[10:45:23 CDT(-0500)] <foxnesn1> good to know
[10:45:54 CDT(-0500)] <atilling_> webapps is where maven gets all the pieces you haven't overridden
[10:59:22 CDT(-0500)] <foxnesn1> lol what did i just do. i wiped out the src and target again to start fresh and even used the fresh pom.xml from the wiki and it says...
[10:59:37 CDT(-0500)] <foxnesn1> The project (/home/tomcat/workspace/local-cas/pom.xml) has 1 error
[10:59:37 CDT(-0500)] <foxnesn1> [ERROR] Non-parseable POM /home/tomcat/workspace/local-cas/pom.xml: markup not allowed inside attribute value - illegal < (position: START_DOCUMENT seen ... xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 >\n <... @5:6) @ line 5, column 6 -> [Help 2]
[10:59:56 CDT(-0500)] <kickehy> you probably need to delete the .m2 folder in your user's directory
[11:00:01 CDT(-0500)] <foxnesn1> oo
[11:00:16 CDT(-0500)] <kickehy> i think i ran into that before
[11:00:35 CDT(-0500)] <kickehy> well that's if you're running a windows box
[11:00:40 CDT(-0500)] <kickehy> i'm not sure on linux/unix
[11:01:36 CDT(-0500)] <kickehy> if that screws everything up, i apologize ahead of time
[11:01:56 CDT(-0500)] <atilling_> no .m2 is probably fine
[11:02:16 CDT(-0500)] <kickehy> yeah, i'll be quiet
[11:02:20 CDT(-0500)] <atilling_> it looks like you have an extra character in the pom
[11:02:50 CDT(-0500)] <atilling_> looks like the line returns came across as \n
[11:04:33 CDT(-0500)] <foxnesn1> weird this doesnt make any sense
[11:04:39 CDT(-0500)] <foxnesn1> i must look closer
[11:04:49 CDT(-0500)] <atilling_> does every line in the pom end with a \n ?
[11:07:47 CDT(-0500)] <foxnesn1> grr
[11:10:26 CDT(-0500)] <kickehy> if you're going to just authenticate through ldap, do you only need the ldap and webapp dependencies?
[11:10:33 CDT(-0500)] <kickehy> for the pom.xml
[11:10:34 CDT(-0500)] <foxnesn1> kickehy: i believe so
[11:10:46 CDT(-0500)] <atilling_> correct
[11:11:07 CDT(-0500)] <kickehy> i may rebuild then just to keep it clean
[11:11:08 CDT(-0500)] <foxnesn1> this says illegal \n at 5:6 and im looking at that line and there is no \n at all it is a string of letters
[11:11:11 CDT(-0500)] <foxnesn1> lol
[11:11:54 CDT(-0500)] <atilling_> can you paste the first 5 lines of your pom ?
[11:12:42 CDT(-0500)] <foxnesn1> <?xml version="1.0" encoding="UTF-8"?>
[11:12:42 CDT(-0500)] <foxnesn1> <project xmlns="http://maven.apache.org/POM/4.0.0"
[11:12:42 CDT(-0500)] <foxnesn1> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
[11:12:42 CDT(-0500)] <foxnesn1> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 >
[11:12:42 CDT(-0500)] <foxnesn1> <modelVersion>4.0.0</modelVersion>
[11:12:45 CDT(-0500)] <foxnesn1> <groupId>edu.university.cas</groupId>
[11:12:47 CDT(-0500)] <foxnesn1> <artifactId>local-cas</artifactId>
[11:12:50 CDT(-0500)] <foxnesn1> <packaging>war</packaging>
[11:12:52 CDT(-0500)] <foxnesn1> <version>1.0-SNAPSHOT</version>
[11:12:55 CDT(-0500)] <foxnesn1> woops ill use pastebin
[11:13:03 CDT(-0500)] <atilling_> nope no need
[11:13:04 CDT(-0500)] <kickehy> foxnesn1: http://pastie.org/
[11:13:10 CDT(-0500)] <atilling_> you're missing a "
[11:13:19 CDT(-0500)] <kickehy>
[11:13:32 CDT(-0500)] <atilling_> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > needs to be xsi:schemaLocation="http://maven.apache.org/POM/4.0.0" >
[11:13:53 CDT(-0500)] <foxnesn1> lol that is in the best practices section
[11:13:57 CDT(-0500)] <foxnesn1> i guess that should be fixed
[11:16:40 CDT(-0500)] <atilling_> it's a wiki display issue - wiki is trying to make a link
[11:16:47 CDT(-0500)] <atilling_> the line actually is <project xmlns="http://maven.apache.org/POM/4.0.0"
[11:16:47 CDT(-0500)] <atilling_> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
[11:16:47 CDT(-0500)] <atilling_> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
[11:16:51 CDT(-0500)] <foxnesn1> oh i see
[11:18:08 CDT(-0500)] <kickehy> foxnesn1: does your config use pooled results?
[11:18:14 CDT(-0500)] <foxnesn1> yes lol
[11:18:18 CDT(-0500)] <foxnesn1> but sorry im fighting this thing
[11:18:37 CDT(-0500)] <kickehy> heh understandable
[11:23:01 CDT(-0500)] <atilling_> sorry about the wiki display issue there I was going to correct the topic but not sure how to correct the wiki formatting on that
[11:28:15 CDT(-0500)] <kickehy> http://pastie.org/2671831 <---that's what I did for my pom.xml
[11:30:34 CDT(-0500)] <atilling_> that should be a good pom
[11:31:35 CDT(-0500)] <kickehy> didn't get any errors in the tomcat logs so i hope so
[11:33:34 CDT(-0500)] <kickehy> now i just have to figure out why it's not looking up my users in ldap
[11:35:31 CDT(-0500)] <atilling_> here is a deployerConfig without pooling http://pastie.org/2671861
[11:39:10 CDT(-0500)] <kickehy> atilling_: do you really even need the other "credentialsToPrincipalResolvers" besides the LDAP one?
[11:39:43 CDT(-0500)] <kickehy> in that example
[11:41:12 CDT(-0500)] <atilling_> depends on what you are doing down the line
[11:41:16 CDT(-0500)] <atilling_> We do
[11:42:07 CDT(-0500)] <atilling_> and I believe you need <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> for the login page to accept the username and password
[11:42:29 CDT(-0500)] <kickehy> oh
[11:43:08 CDT(-0500)] <kickehy> i wonder if that's my problem
[11:43:32 CDT(-0500)] <atilling_> you could skip that one if the username and password are coming in via another method - like a smart card
[11:46:12 CDT(-0500)] <kickehy> lunch time
[11:58:42 CDT(-0500)] <foxnesn1> wow i had to handtype that pom.xml
[12:05:10 CDT(-0500)] <foxnesn1> i blame it on being monday
[12:15:12 CDT(-0500)] <atilling_> good answer
[12:19:52 CDT(-0500)] <kickehy> i just want to clarify something in my mind, but if i set the searchBase to "DC=domain,DC=edu" it should traverse all the folders and subfolders in AD correct?
[12:25:37 CDT(-0500)] <atilling_> correct
[12:29:34 CDT(-0500)] <kickehy> when you enter in the username, do you do: domain\loginID
[12:30:08 CDT(-0500)] <foxnesn1> enter the username where?
[12:30:10 CDT(-0500)] <foxnesn1> in CAS?
[12:30:12 CDT(-0500)] <kickehy> yes
[12:30:18 CDT(-0500)] <foxnesn1> no just your loginID i believe
[12:30:29 CDT(-0500)] <foxnesn1> since it already knows which domain you want which is what you set it up as
[12:30:30 CDT(-0500)] <atilling_> depends on your filter settings
[12:30:46 CDT(-0500)] <atilling_> with the config we have no - just userid
[12:31:36 CDT(-0500)] <atilling_> but with the filter you can have it anyway you want it
[12:33:28 CDT(-0500)] <kickehy> ok good
[12:33:36 CDT(-0500)] <kickehy> that's what i wanted anyways
[12:42:16 CDT(-0500)] <foxnesn1> atilling_: in that ldap config you posted, you are not using pooled and you are not using the config from the wiki correct?
[12:50:51 CDT(-0500)] <kickehy> foxnesn1: which wiki article are you using?
[12:54:17 CDT(-0500)] <foxnesn1> ldap authentication handler
[12:54:20 CDT(-0500)] <foxnesn1> well im making progress
[12:54:38 CDT(-0500)] <foxnesn1> cas login shows and now i get a msg about credentials not being verified
[12:54:45 CDT(-0500)] <foxnesn1> which is good i guess since it is actually trying
[12:54:48 CDT(-0500)] <kickehy> good I can't get cas to find my ldap users when it searches
[12:54:52 CDT(-0500)] <foxnesn1> but it is not hitting the ldap
[12:55:22 CDT(-0500)] <kickehy> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
[12:55:26 CDT(-0500)] <kickehy> that's what i get
[12:55:37 CDT(-0500)] <kickehy> and my understanding is that data 525 means it can't find the user
[12:57:19 CDT(-0500)] <kickehy> also, my deployerConfig won't work right unless i have these lines at the bottom:
[12:57:22 CDT(-0500)] <kickehy> <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
[12:57:25 CDT(-0500)] <kickehy> <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
[12:57:52 CDT(-0500)] <atilling_> those are the default entries
[12:58:11 CDT(-0500)] <kickehy> if i take them out i don't get the cas login page anymore
[12:58:20 CDT(-0500)] <kickehy> i'm not sure what they're for
[12:58:28 CDT(-0500)] <atilling_> Mine aren't in the deployer config as I have more complex config and they exist in other files
[13:06:31 CDT(-0500)] <kickehy> what does the service registry do?
[13:06:46 CDT(-0500)] <kickehy> i assume it deals with ticketing
[13:07:01 CDT(-0500)] <atilling_> controls what CASified services can connect to your server
[13:07:38 CDT(-0500)] <atilling_> with the default setting any application that points to your cas server can validate users
[13:08:14 CDT(-0500)] <foxnesn1> where can i look to find out why this is happening? i checked the tomcat logs and nothing
[13:08:18 CDT(-0500)] <foxnesn1> The credentials you provided cannot be determined to be authentic.
[13:08:20 CDT(-0500)] <atilling_> https://wiki.jasig.org/display/CASUM/Services+Management
[13:08:33 CDT(-0500)] <foxnesn1> im assuming it means it is not hitting the ldap
[13:09:03 CDT(-0500)] <atilling_> in your WEB-INF/classes/log4j.xml you might want to set your log threshold to debug while testing
[13:09:25 CDT(-0500)] <atilling_> DO NOT leave them at debug as passwords are logged in DEBUG
[13:10:24 CDT(-0500)] <kickehy> heh i can't get to that services page
[13:11:47 CDT(-0500)] <atilling_> odd, on the CAS manual/wiki page it's in the lower left nav
[13:12:39 CDT(-0500)] <kickehy> as in, it's requiring me to login
[13:12:41 CDT(-0500)] <kickehy> and i can't
[13:13:18 CDT(-0500)] <atilling_> ahh, right - with the org.jasig.cas.services.InMemoryServiceRegistryDaoImpl there is nothing to log into
[13:18:00 CDT(-0500)] <kickehy> is there a best practices wiki for that?
[13:18:50 CDT(-0500)] <atilling_> I don't know, best practice would be to enable services management
[13:18:55 CDT(-0500)] <atilling_> but not required
[13:18:59 CDT(-0500)] <kickehy> heh
[13:22:47 CDT(-0500)] <foxnesn1> wow no errors anywhere
[13:23:16 CDT(-0500)] <foxnesn1> i even turned it to ldap and not ldaps to see if it was an ssl issue
[13:25:40 CDT(-0500)] <atilling_> if you have debug on you should see a ton of information in your catalina.out file
[13:26:56 CDT(-0500)] <kickehy> atilling_: i guess i just don't understand how to enable services management
[13:28:34 CDT(-0500)] <atilling_> if you want services management you need to change the impl to a JPA one or some other persistent container
[13:30:39 CDT(-0500)] <kickehy> mmmm so i should setup MySQL then
[13:32:46 CDT(-0500)] <kickehy> atilling_: you're referring to something like https://wiki.jasig.org/display/CASUM/JpaTicketRegistry correct?
[13:37:27 CDT(-0500)] <kickehy> that's it....no more turntable...EVAR
[13:37:36 CDT(-0500)] <kickehy> sigh
[13:37:40 CDT(-0500)] <atilling_> right
[13:37:42 CDT(-0500)] <kickehy> wrong channel
[13:37:44 CDT(-0500)] <kickehy> lol
[13:38:55 CDT(-0500)] <foxnesn1> ok
[13:39:02 CDT(-0500)] <foxnesn1> WHAT: error.authentication.credentials.bad
[13:39:02 CDT(-0500)] <foxnesn1> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
[13:39:02 CDT(-0500)] <foxnesn1> APPLICATION: CAS
[13:39:15 CDT(-0500)] <foxnesn1> so that must mean it is hitting the cas
[13:39:19 CDT(-0500)] <foxnesn1> er the ldap
[13:39:26 CDT(-0500)] <foxnesn1> or maybe not
[13:40:27 CDT(-0500)] <atilling_> That JPA information is correct but you want a JPA service registry
[13:41:13 CDT(-0500)] <kickehy> hehe foxnesn1 you're in the same boat as me
[13:41:19 CDT(-0500)] <foxnesn1> does CAS output if it can actually connect to the ldap or not?
[13:43:05 CDT(-0500)] <foxnesn1> i must not have my authentication handler setup
[13:43:10 CDT(-0500)] <foxnesn1> properly
[13:43:57 CDT(-0500)] <atilling_> the debug output in the logs should tell you what's going on
[13:44:37 CDT(-0500)] <atilling_> it will indicate whether it connected to LDAP or not and what filter it used to find the principal
[13:45:07 CDT(-0500)] <atilling_> in the log4j did you set all the filters to debug or just one?
[13:48:55 CDT(-0500)] <atilling_> if all of the debugging is enabled a single login is over 100 lines in the log
[14:27:45 CDT(-0500)] <foxnesn1> i dont understand what value userDN is looking for
[14:28:10 CDT(-0500)] <foxnesn1> the userDN i have in AD included the OU fields and everything
[14:28:16 CDT(-0500)] <foxnesn1> includes*
[14:52:45 CDT(-0500)] <foxnesn1> hrm you would think this would be easier
[14:53:17 CDT(-0500)] <foxnesn1> ive gotten PWM, a password self service solution to work with the AD
[14:54:21 CDT(-0500)] <foxnesn1> and with basic auth on the CAS i was able to get one of our cas clients to work
[14:54:31 CDT(-0500)] <foxnesn1> now setting up against the AD is proving tasking
[15:33:14 CDT(-0500)] <atilling_> LDAP usually isn't too bad, usually don't need to know your dn
[15:36:13 CDT(-0500)] <atilling_> the deployer config I provide is one for connecting to AD
[15:36:25 CDT(-0500)] <foxnesn1> i saw that
[15:36:27 CDT(-0500)] <foxnesn1> doesnt work
[15:36:40 CDT(-0500)] <foxnesn1> im wondering if it has something to do with me using a self signed cert
[15:36:44 CDT(-0500)] <atilling_> are you doing bindAuth or Fast Bind?
[15:36:47 CDT(-0500)] <foxnesn1> it wont even connect
[15:36:55 CDT(-0500)] <atilling_> Self signed on CAS or LDAP?
[15:37:16 CDT(-0500)] <foxnesn1> im doing whatever is in the deployer you pasted
[15:37:25 CDT(-0500)] <foxnesn1> and the ldap is self signed i think
[15:37:33 CDT(-0500)] <foxnesn1> or tomcat isnt pointed to the right CA
[15:37:39 CDT(-0500)] <atilling_> if your ldap SSL is self signed that is a real hassle
[15:37:53 CDT(-0500)] <foxnesn1> well no we have a real CA
[15:38:00 CDT(-0500)] <atilling_> try connecting to ldap and 389 instead of ldaps and 636
[15:38:11 CDT(-0500)] <foxnesn1> yea i did that and it still wouldnt connect
[15:38:34 CDT(-0500)] <foxnesn1> a deployerconfig for something like AD should really only be a handful of lines
[15:38:44 CDT(-0500)] <atilling_> right it should
[15:39:10 CDT(-0500)] <atilling_> are you connecting with the right user?
[15:39:13 CDT(-0500)] <foxnesn1> tell it where to connect to, what the credentials are to search, how to search and where
[15:39:29 CDT(-0500)] <foxnesn1> i am connecting with a user that is an Account Operator
[15:39:43 CDT(-0500)] <atilling_> for us the user DN is <user>@conncoll.edu
[15:40:21 CDT(-0500)] <foxnesn1> that is our user principal name
[15:40:54 CDT(-0500)] <foxnesn1> that cas user only need to be able to read the directory right?
[15:41:29 CDT(-0500)] <atilling_> I'm referring to the contextSource the user dn - in our case with ldap it's ldapro@conncoll.edu
[15:41:52 CDT(-0500)] <atilling_> right read-only is all it needs
[15:43:21 CDT(-0500)] <foxnesn1> hrm ill try that now
[15:44:10 CDT(-0500)] <foxnesn1> also i set all my logs to DEBUG and im still not getting a ton of output
[15:44:49 CDT(-0500)] <atilling_> that is very odd - try checking the cas.log file then
[15:45:11 CDT(-0500)] <atilling_> your tomcat log settings might be overriding the cas log settings
[15:46:00 CDT(-0500)] <foxnesn1> also the cas.log file outputs this
[15:46:02 CDT(-0500)] <foxnesn1> 2011-10-10 16:44:24,895 WARN [org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler] - org.jasig.cas.authenticatio
[15:46:12 CDT(-0500)] <foxnesn1> which makes no sense since that isnt included anywhere in the deployer
[15:46:58 CDT(-0500)] <atilling_> try in your overlay directory doing a mvn clean, then mvn package
[15:47:34 CDT(-0500)] <foxnesn1> ok yea cause it says
[15:47:36 CDT(-0500)] <foxnesn1> .SimpleTestUsernamePasswordAuthenticationHandler failed to authenticate the user which provided the following credentials: [username:
[15:47:41 CDT(-0500)] <foxnesn1> with the username im using
[15:47:44 CDT(-0500)] <foxnesn1> very weird
[15:48:37 CDT(-0500)] <atilling_> unless you do a mvn clean the old jar will still be in your war
[15:48:42 CDT(-0500)] <foxnesn1> the overlay dir is the one in my home or the tomcat one?
[15:48:50 CDT(-0500)] <foxnesn1> i always do mvn clean package
[15:48:52 CDT(-0500)] <atilling_> your home
[15:48:53 CDT(-0500)] <atilling_> ok
[15:49:02 CDT(-0500)] <foxnesn1> well i just did mvn clean and got
[15:49:12 CDT(-0500)] <foxnesn1> Some problems were encountered while building the effective model for edu.university.cas:local-cas:war:1.0-SNAPSHOT
[15:49:16 CDT(-0500)] <foxnesn1> [WARNING] 'build.plugins.plugin.version' for org.apache.maven.plugins:maven-war-plugin is missing. @ line 13, column 21
[15:49:50 CDT(-0500)] <atilling_> do you have a properties section declaring the cas.version?
[15:50:37 CDT(-0500)] <kickehy> is there any way of knowing if the correct tables were created for my MySQL database?
[15:50:48 CDT(-0500)] <foxnesn1> kickehy: login to it and check heh
[15:51:02 CDT(-0500)] <kickehy> well that's the thing...mysql is confusing to me
[15:51:13 CDT(-0500)] <foxnesn1> atilling_: i had one in the target dir of the overlay but i dont know if it declared a version
[15:51:26 CDT(-0500)] <foxnesn1> or do you mean the pom.xml?
[15:51:43 CDT(-0500)] <kickehy> no, the actual mysql database
[15:51:53 CDT(-0500)] <kickehy> i assume it uses 'mysql' by default?
[15:52:29 CDT(-0500)] <foxnesn1> windows or linux?
[15:52:32 CDT(-0500)] <kickehy> windows
[15:52:41 CDT(-0500)] <atilling_> ok my statement about cas.version was referring to your pom.xml
[15:52:43 CDT(-0500)] <foxnesn1> if windows you could always install phpmyadmin or another client
[15:53:08 CDT(-0500)] <foxnesn1> the build plugins part of pom does not contain a version
[15:53:26 CDT(-0500)] <foxnesn1> only the two dependencies and the main properties has version numbers
[15:53:31 CDT(-0500)] <foxnesn1> 3.4.10
[15:54:01 CDT(-0500)] <foxnesn1> http://pastie.org/2673345
[15:54:04 CDT(-0500)] <foxnesn1> that is my pom
[15:55:43 CDT(-0500)] <atilling_> ok the dependency could have a version of $ because you have a properties section, if you specify 3.4.10 you don't need the properties
[15:56:43 CDT(-0500)] <atilling_> what version of maven are you using?
[15:57:03 CDT(-0500)] <atilling_> 3.0.3?
[15:58:03 CDT(-0500)] <foxnesn1> yup
[15:58:12 CDT(-0500)] <atilling_> you may need to update the build plugin
[15:58:13 CDT(-0500)] <atilling_> <groupId>org.apache.maven.plugins</groupId>
[15:58:14 CDT(-0500)] <atilling_> <artifactId>maven-war-plugin</artifactId>
[15:58:14 CDT(-0500)] <atilling_> <version>2.1.1</version>
[15:59:55 CDT(-0500)] <foxnesn1> why 2.1.1 ?
[16:00:18 CDT(-0500)] <atilling_> I believe that's the latest version of maven-war-plugin
[16:02:10 CDT(-0500)] <atilling_> well end of day here for me, good luck and I'll probably be on tomorrow
[16:02:11 CDT(-0500)] <foxnesn1> ok it cleans now
[16:02:18 CDT(-0500)] <foxnesn1> ok thanks for all your help
[16:02:22 CDT(-0500)] <foxnesn1> i will get this !
[16:02:30 CDT(-0500)] <atilling_> no problem, glad to help
[16:07:16 CDT(-0500)] <kickehy> foxnesn1: see isn't it fun _
[21:54:21 CDT(-0500)] <foxnesn1> i believe there needs to be documentation specifically on the deployerConfig and everything it does. what is needed and what is extra and which parts address LDAP and other auths
[21:55:04 CDT(-0500)] <foxnesn1> the wiki unfortunately is confusing as it provides some level of explanation but then confuses by providing examples to the contrary.
[21:55:57 CDT(-0500)] <foxnesn1> to set up ldap should be fairly simple
[21:56:24 CDT(-0500)] <foxnesn1> choose a manager, choose a handler, enter credentials to connect