Just to make sure I understand the LDAP and CAS connection properly, CAS is 
sending over a set of credentials to first access the LDAP, correct? Is that 
the bindDN and bindCredential? Does it then search through the result query 
for userFilter for a match? 

Also, I'm a little confused about the dNFormat. I inputted directly what is 
the DN for user 1. However, for other users, since they belong to different 
OUs, how do I change the code such that it becomes more versatile? 

My eventual goal is for CAS to authenticate users from a single OU.

Thank you all for bearing with me so far and all my questions.

On Friday, February 23, 2018 at 11:44:35 AM UTC-6, Kevin Liu wrote:
>
> I finally got it to talk to my LDAP! I've realized I should also put that 
> my LDAP is really a MSDN. It is in a very limited capacity though. Here is 
> my cas.properties and I hope someone can help me figure out how to expand 
> the scope of authentication. My apologies about the obfuscation. 
>
> #AD Configurations
> cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].ldapUrl=ldap://ladpserver:389
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].useStartTls=false
> cas.authn.ldap[0].connectTimeout=5000
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].baseDn=dc=beta,dc=gamma
> cas.authn.ldap[0].userFilter=cn={user}
> cas.authn.ldap[0].bindDn=user1@beta.gamma
> cas.authn.ldap[0].bindCredential=user1Password
> cas.authn.ldap[0].dnFormat=CN=User 1,OU=Test,OU=alpha,DC=beta,DC=gamma
>
> This configuration only works for 1 user, user1. How do I expand it such 
> that any user can input their credentials for validation?
> Also interesting, for user1, they can input either user1 or 
> user1@beta.gamma and be able to log in with the correct password.
>
>
>
>
> On Friday, February 23, 2018 at 9:17:02 AM UTC-6, David Curry wrote:
>>
>> Yes, that looks like your DN.
>>
>> But if CAS is not starting, it's something else. Are you using 5.2.2? Can 
>> you post your pom.xml and cas.log files as attachments?
>>
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>
>>
>> On Fri, Feb 23, 2018 at 9:56 AM, Kevin Liu <annih...@gmail.com> wrote:
>>
>>> For my own account, when I execute the LDAP query in my first post, I 
>>> can't see my own DN but I can see what I'm a member of. Is the listed 
>>> member field my DN? 
>>>
>>> member: CN=Kevin Liu,OU=Delta,OU=Alpha,DC=Beta,DC=Gamma
>>>
>>> Would this be my DN?
>>>
>>> On Friday, February 23, 2018 at 6:17:22 AM UTC-6, alberto wrote:
>>>>
>>>> On Thu, 22 Feb 2018 13:43:05 -0800 (PST) 
>>>> Kevin Liu <annih...@gmail.com> wrote: 
>>>>
>>>> > Correct me if I'm wrong but looking at the directory, not everyone 
>>>> > has a DN. Some users are only members of a group it looks like. 
>>>>
>>>> I don't think so. DN is the ultimate identifier in LDAP/AD. As stated 
>>>> in MSDN: «The LDAP API references an LDAP object by its distinguished 
>>>> name (DN)». Even a group has a DN so you can perform operations on it. 
>>>>
>>>> ( Source: 
>>>> https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx ) 
>>>>
>>>> -- 
>>>> Alberto Cabello Sánchez 
>>>> Servicio de Informática 
>>>> Universidad de Extremadura 
>>>>
>>>
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/197ffc37-0e97-4a1b-b997-30c462259b65%40apereo.org.
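
An added example, not part of the original thread and not CAS code: it models the two ways a login name can become an LDAP identity, a dnFormat-style template and a userFilter-style search filter, escaping the name in each case. The `%s` variant of the DN, the function names and the sample login names are assumptions; the first DN and the filter are the ones posted in the thread.

```python
# Added illustration (not CAS source code): how a login name can be turned into
# a bind DN or a search filter. Function names are hypothetical.

# From the thread's cas.properties
THREAD_DN_FORMAT = "CN=User 1,OU=Test,OU=alpha,DC=beta,DC=gamma"
THREAD_USER_FILTER = "cn={user}"
# Constructed for comparison: same OU, with a %s placeholder (assumption)
TEMPLATE_DN_FORMAT = "CN=%s,OU=Test,OU=alpha,DC=beta,DC=gamma"


def escape_dn_value(value: str) -> str:
    """Escape a string for use as an RDN attribute value (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a string for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def resolve_by_format(dn_format: str, username: str) -> str:
    """Format-based resolution: substitute the escaped name for %s."""
    return dn_format.replace("%s", escape_dn_value(username))


def build_search_filter(user_filter: str, username: str) -> str:
    """Search-based resolution: substitute the escaped name for {user}."""
    body = user_filter.replace("{user}", escape_filter_value(username))
    return body if body.startswith("(") else "(" + body + ")"


if __name__ == "__main__":
    # Constructed login names; the literal DN ignores them, the template does not.
    for name in ("User 1", "User 2", "Liu, Kevin"):
        print(name, "->", resolve_by_format(THREAD_DN_FORMAT, name))
        print(name, "->", resolve_by_format(TEMPLATE_DN_FORMAT, name))
    print(build_search_filter(THREAD_USER_FILTER, "Liu (Kevin)*"))
```

A format string with no placeholder yields the same DN whatever name is typed, and a format string pins every user to one container, whereas a filter searched under a base DN can match entries in any OU beneath it.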