Hi, 
It may be useful for this or for some other cases. We are still in the alpha 
phase of CAS usage; however, we have already set up CAS for two domains, 
one on Active Directory and the other on LDAP. Both are currently working 
nicely. Here goes the example config. If someone finds some 
misconfiguration, please tell me - we are currently trying to configure and 
understand CAS :)


#ActiveDirectory - Domain 1
cas.authn.ldap[0].order=1
cas.authn.ldap[0].name=LDAP1
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].ldapUrl=ldaps://ad.domain.com/
cas.authn.ldap[0].enhanceWithEntryResolver=true
cas.authn.ldap[0].baseDn=OU=Departments,DC=DOMAIN,DC=COM
cas.authn.ldap[0].bindDn=CN=bind_account,OU=service_accounts,DC=DOMAIN,DC=com
cas.authn.ldap[0].bindCredential=credentials
cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].dnFormat=%s...@domain.com
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].poolPassivator=BIND

In order to allow SSL, we had to add the CA/domain cert to the keystore:
#Attribute repository
cas.authn.attributeRepository.ldap[0].keystore=file:/etc/pki/ca-trust/extracted/java/cacerts
cas.authn.attributeRepository.ldap[0].keystorePassword=password (default: changeit)



#LDAP - domain2 (hosted on zimbra)

cas.authn.ldap[1].order=2
cas.authn.ldap[1].name=LDAP-DOMAIN2
cas.authn.ldap[1].type=AUTHENTICATED
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].ldapUrl=ldap://ldap.DOMAIN2.com/
cas.authn.ldap[1].enhanceWithEntryResolver=true
cas.authn.ldap[1].baseDn=ou=people,dc=DOMAIN2,dc=pt
cas.authn.ldap[1].bindDn=uid=zimbra,cn=admins,cn=zimbra
cas.authn.ldap[1].bindCredential=credentials
cas.authn.ldap[1].searchFilter=uid={user}
cas.authn.ldap[1].allowMultiplePrincipalAttributeValues=true


Best regards,
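A small checker for the kind of `cas.properties` blocks posted in this thread, added here as an example and not part of the original messages or of CAS itself: it parses `cas.authn.ldap[N].*` lines, groups them by index and flags the transport and credential problems a reviewer would look for first (plaintext `ldap://` with neither `useSsl` nor `useStartTls`, an `ldaps://` URL with `useSsl=false`, no `trustCertificates`/`keystore` for an `ldaps://` server, a `type=AD` block without `dnFormat`, an `AUTHENTICATED` block without bind credentials, a `searchFilter` without `{user}`). The sample properties are constructed, with placeholder hostnames, DNs and secrets; the per-type rules follow CAS 5.3's documented LDAP authentication types as I understand them.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample modelled on the two blocks in the thread; hostnames,
# DNs and the credential are placeholders, not the poster's real values.
SAMPLE_PROPERTIES = """\
# ActiveDirectory - Domain 1
cas.authn.ldap[0].name=LDAP1
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].ldapUrl=ldaps://ad.example.com/
cas.authn.ldap[0].bindDn=CN=bind_account,OU=service_accounts,DC=EXAMPLE,DC=COM
cas.authn.ldap[0].bindCredential=placeholder-secret
cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].dnFormat=%s@example.com
# LDAP - domain2
cas.authn.ldap[1].name=LDAP-DOMAIN2
cas.authn.ldap[1].type=AUTHENTICATED
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].useStartTls=false
cas.authn.ldap[1].ldapUrl=ldap://ldap.example2.com/
cas.authn.ldap[1].bindDn=uid=zimbra,cn=admins,cn=zimbra
cas.authn.ldap[1].bindCredential=placeholder-secret
cas.authn.ldap[1].searchFilter=uid={user}
"""

PROP_RE = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(\w+)\s*=\s*(.*)$")


def parse_ldap_blocks(text):
    """Group cas.authn.ldap[N].key=value lines by index N; skip comments and blank lines."""
    blocks = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PROP_RE.match(line)
        if m:
            blocks[int(m.group(1))][m.group(2)] = m.group(3).strip()
    return dict(blocks)


def _is_true(value):
    return value.strip().lower() == "true"


def check_block(idx, props):
    """Return the list of findings for one cas.authn.ldap[idx] block (empty list = clean)."""
    findings = []
    tag = f"ldap[{idx}]"
    url = props.get("ldapUrl", "")
    scheme = urlsplit(url).scheme.lower()
    use_ssl = _is_true(props.get("useSsl", "false"))
    use_starttls = _is_true(props.get("useStartTls", "false"))
    auth_type = props.get("type", "").upper()

    if not url:
        findings.append(f"{tag}: ldapUrl is missing")
    # Transport: a plain ldap:// connection with no TLS at all carries every
    # user password and the bind credential across the network in the clear.
    if scheme == "ldap" and not use_ssl and not use_starttls:
        findings.append(f"{tag}: plaintext ldap:// with neither useSsl nor useStartTls; "
                        "user passwords and the bind credential cross the network unencrypted")
    if scheme == "ldaps" and not use_ssl:
        findings.append(f"{tag}: ldaps:// URL but useSsl=false; make the two agree")
    if use_ssl and use_starttls:
        findings.append(f"{tag}: useSsl and useStartTls are both true; pick one")
    # Trust: without an explicit truststore the JVM's default cacerts must hold the CA
    # (this is the step the thread describes as adding the CA/domain cert to the keystore).
    if scheme == "ldaps" and not ({"trustCertificates", "keystore"} & props.keys()):
        findings.append(f"{tag}: no trustCertificates/keystore set, so the JVM default "
                        "truststore must already contain the server's CA")
    # Type-specific requirements (assumed from the CAS 5.3 LDAP authentication docs).
    if auth_type == "AD" and "dnFormat" not in props:
        findings.append(f"{tag}: type=AD needs dnFormat (e.g. %s@domain) to build the user's bind name")
    if auth_type == "AUTHENTICATED" and not (props.get("bindDn") and props.get("bindCredential")):
        findings.append(f"{tag}: type=AUTHENTICATED needs bindDn and bindCredential for the search bind")
    if "searchFilter" in props and "{user}" not in props["searchFilter"]:
        findings.append(f"{tag}: searchFilter has no {{user}} placeholder, so it cannot select the logging-in user")
    if "bindDn" in props and not props.get("bindCredential"):
        findings.append(f"{tag}: bindDn set but bindCredential is empty")
    return findings


def lint(text):
    """Lint every cas.authn.ldap[N] block in a properties file; returns {index: [findings]}."""
    return {idx: check_block(idx, props) for idx, props in sorted(parse_ldap_blocks(text).items())}


if __name__ == "__main__":
    for idx, findings in lint(SAMPLE_PROPERTIES).items():
        print(f"ldap[{idx}]: {'OK' if not findings else ''}")
        for finding in findings:
            print("  -", finding)
```

Run it against a real `cas.properties` by replacing `SAMPLE_PROPERTIES` with the file's contents; on the constructed sample it reports only the missing truststore setting for the `ldaps://` block and the cleartext transport for the `ldap://` block, which is exactly the pair of points the thread raises (the CA certificate and the `useSsl`/`useStartTls` settings).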

Friday, 17 August 2018 at 13:44:27 UTC+1, JC wrote:
>
> I believe that the 'cas.authn.ldap[0].userFilter' has been changed to 
> 'cas.authn.ldap[0].searchFilter' in 5.3.x. I also needed the CA certificate 
> and used 'cas.authn.ldap[0].trustCertificates=file:/<path_to_file>' in my 
> config.
>
>
>
> James
>
> On Thursday, August 16, 2018 at 11:44:21 AM UTC-4, rbon wrote:
>>
>> Duc,
>>
>> I also have these:
>>
>>
>> cas.authn.ldap[0].baseDn=ou=loadtesters,ou=uportal,ou=applications,dc=uvic,dc=ca
>> cas.authn.ldap[0].userFilter=uid:2.5.13.5:={user}
>>
>> Ray
>>
>>
>> On Thu, 2018-08-16 at 03:35 -0700, Hoang Anh Duc wrote:
>>
>> I'm using CAS 5.3.2 and want to configure CAS with LDAP. I haven't done 
>> it before. I found this guide 
>> <https://apereo.github.io/cas/5.3.x/installation/LDAP-Authentication.html> 
>> for my installation. I followed it, added the "compile" line, and the build 
>> succeeded. But I don't know how to make a full configuration to link my LDAP 
>> with this CAS. The doc looks simple. Can anyone show me a simple example? 
>> Thanks!
>>
>> Here's what I added to my cas.properties, but it hasn't worked yet:
>>
>>
>> cas.authn.ldap[0].ldapUrl=ldaps://ldap.forumsys.com
>> cas.authn.ldap[0].bindDn=cn=read-only-admin,dc=example,dc=com
>> cas.authn.ldap[0].bindCredential=password
>> cas.authn.ldap[0].useSsl=true
>> cas.authn.ldap[0].useStartTls=false
>>
>> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName
>> cas.authn.ldap[0].collectDnAttribute=false
>> cas.authn.ldap[0].principalDnAttributeName=principalLdapDn
>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
>>
>> -- 
>> Ray Bon
>> Programmer analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/992b9c3c-0f1b-47f0-97cf-15cac50f017e%40apereo.org.