Hi,

It may be useful for this or for some other cases. We are still in the alpha phase of CAS usage; however, we have already set up CAS for two domains, one on Active Directory and the other on LDAP. Both are currently working nicely. Here goes the example config. If someone finds some misconfiguration, please tell me - we are currently trying to configure and understand CAS :)

#ActiveDirectory - Domain 1
cas.authn.ldap[0].order=1
cas.authn.ldap[0].name=LDAP1
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].ldapUrl=ldaps://ad.domain.com/
cas.authn.ldap[0].enhanceWithEntryResolver=true
cas.authn.ldap[0].baseDn=OU=Departments,DC=DOMAIN,DC=COM
cas.authn.ldap[0].bindDn=CN=bind_account,OU=service_accounts,DC=DOMAIN,DC=com
cas.authn.ldap[0].bindCredential=credentials
cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].dnFormat=%s...@domain.com
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].poolPassivator=BIND

In order to allow SSL, we had to add the CA/domain cert to the keystore

#Attribute repository
cas.authn.attributeRepository.ldap[0].keystore=file:/etc/pki/ca-trust/extracted/java/cacerts
cas.authn.attributeRepository.ldap[0].keystorePassword=password (default: changeit)

#LDAP - domain2 (hosted on zimbra)
cas.authn.ldap[1].order=2
cas.authn.ldap[1].name=LDAP-DOMAIN2
cas.authn.ldap[1].type=AUTHENTICATED
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].ldapUrl=ldap://ldap.DOMAIN2.com/
cas.authn.ldap[1].enhanceWithEntryResolver=true
cas.authn.ldap[1].baseDn=ou=people,dc=DOMAIN2,dc=pt
cas.authn.ldap[1].bindDn=uid=zimbra,cn=admins,cn=zimbra
cas.authn.ldap[1].bindCredential=credentials
cas.authn.ldap[1].searchFilter=uid={user}
cas.authn.ldap[1].allowMultiplePrincipalAttributeValues=true

Best regards,

On Friday, 17 August 2018 at 13:44:27 UTC+1, JC wrote:
>
> I believe that the 'cas.authn.ldap[0].userFilter' has been changed to
> 'cas.authn.ldap[0].searchFilter' in 5.3.x. I also needed the CA certificate
> and used 'cas.authn.ldap[0].trustCertificates=file:/<path_to_file>' in my
> config.
>
> James
>
> On Thursday, August 16, 2018 at 11:44:21 AM UTC-4, rbon wrote:
>>
>> Duc,
>>
>> I also have these:
>>
>> cas.authn.ldap[0].baseDn=ou=loadtesters,ou=uportal,ou=applications,dc=uvic,dc=ca
>> cas.authn.ldap[0].userFilter=uid:2.5.13.5:={user}
>>
>> Ray
>>
>> On Thu, 2018-08-16 at 03:35 -0700, Hoang Anh Duc wrote:
>>
>> I'm using CAS 5.3.2 and want to configure CAS with LDAP. I haven't done
>> it before. I found this guide
>> <https://apereo.github.io/cas/5.3.x/installation/LDAP-Authentication.html>
>> for my installation. I followed it and added the "compile" line and the
>> build succeeded. But I don't know how to make a full configuration to link
>> my LDAP with this CAS. The doc looks simple. Anyone can show me a simple
>> example? Thanks!
>>
>> Here's what I added to my cas.properties, but it worked yet:
>>
>> cas.authn.ldap[0].ldapUrl=ldaps://ldap.forumsys.com
>> cas.authn.ldap[0].bindDn=cn=read-only-admin,dc=example,dc=com
>> cas.authn.ldap[0].bindCredential=password
>> cas.authn.ldap[0].useSsl=true
>> cas.authn.ldap[0].useStartTls=false
>>
>> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName
>> cas.authn.ldap[0].collectDnAttribute=false
>> cas.authn.ldap[0].principalDnAttributeName=principalLdapDn
>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
>>
>> --
>> Ray Bon
>> Programmer analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
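
An added example, not part of the thread and not CAS project code: a small Python check over cas.properties text for three points that come up in the messages above (an `ldap://` entry with no TLS option enabled, the `userFilter` key that the reply says became `searchFilter` in 5.3.x, and the stock `changeit` keystore password). The sample input, function names and finding labels are constructed for illustration, and treating an entry as encrypted when the URL is `ldaps://` or `useSsl`/`useStartTls` is true is an assumption of this sketch.

```python
import re

# Constructed sample modelled on the property keys quoted in this thread;
# hostnames are placeholders and no real secrets are included.
SAMPLE = """\
# Domain 1
cas.authn.ldap[0].name=LDAP1
cas.authn.ldap[0].ldapUrl=ldaps://ad.example.org/
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.attributeRepository.ldap[0].keystorePassword=changeit
# Domain 2
cas.authn.ldap[1].name=LDAP-DOMAIN2
cas.authn.ldap[1].ldapUrl=ldap://ldap.example.net/
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].userFilter=uid={user}
"""

KEY = re.compile(
    r"^(cas\.authn(?:\.attributeRepository)?\.ldap)\[(\d+)\]\.(\w+)\s*=\s*(.*)$")

def parse(text):
    """Group properties as {(prefix, index): {key: value}}; comments are skipped."""
    entries = {}
    for line in text.splitlines():
        m = KEY.match(line.strip())
        if m:
            prefix, idx, key, value = m.groups()
            entries.setdefault((prefix, int(idx)), {})[key] = value.strip()
    return entries

def audit(text):
    """Return sorted (entry, finding) pairs; labels are hypothetical names."""
    findings = []
    for (prefix, idx), props in parse(text).items():
        entry = f"{prefix}[{idx}]"
        url = props.get("ldapUrl", "").lower()
        tls = "true" in (props.get("useSsl", "").lower(),
                         props.get("useStartTls", "").lower())
        if url.startswith("ldap://") and not tls:
            # Bind DN password and user passwords cross the network unencrypted.
            findings.append((entry, "cleartext-bind"))
        if "userFilter" in props and "searchFilter" not in props:
            # Per the reply in the thread, 5.3.x expects searchFilter.
            findings.append((entry, "userFilter-key"))
        if props.get("keystorePassword") == "changeit":
            # Stock Java truststore password left unchanged.
            findings.append((entry, "default-keystore-password"))
    return sorted(findings)

if __name__ == "__main__":
    for entry, finding in audit(SAMPLE):
        print(f"{entry}: {finding}")
```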