Thanks Ray! Unfortunately, I realized searching by OU for a user won't work. This is because of a couple of things. I originally thought OUs were groups and have since discovered they are not. I want to authenticate using sAMAccountName, and when you search by groups, none of the members have sAMAccountName as a field. It only displays members as their DN, which doesn't contain the sAMAccountName. Now, I'm thinking of approaching it by pulling a user's entry and checking to see what they're a member of, as users do display their group membership.

Marc, or anyone else, how would I be able to restrict it down further? I see a cas.authn.ldap[0].searchEntryHandlers[0] but I'm not sure if this is what I want.

On Tuesday, February 27, 2018 at 3:24:33 PM UTC-6, Marc Dufour wrote:
>
> You can restrict the users able to authenticate with CAS if you have to,
> I'm just saying that it may not be the only way. Your reality is different than
> mine.
>
> As for the attributes: they are passed to the application, or in CAS
> terminology, the service. principalAttributeList contains the attributes
> available to CAS to pass to the service. When you create a service, you
> configure the AttributeReleasePolicy that tells CAS what attributes the
> application has access to (or released to it, in CAS language). See this
> https://apereo.github.io/cas/5.2.x/installation/Service-Management.html
> and this
> https://apereo.github.io/cas/5.2.x/integration/Attribute-Release.html.
>
