Hello, Ray
I've tried different ways to configure the ".searchFilter" setting, but
nothing works.
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://<url>:389
cas.authn.ldap[0].baseDn=<baseDn>
cas.authn.ldap[0].dnFormat=%s@<domain>
#cas.authn.ldap[0].dnFormat=#%s@<domain>
#cas.authn.ldap[0].dnFormat=%s
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].userFilter=(sAMAccountName={user})
#cas.authn.ldap[0].userFilter=(|(sAMAccountName=#{user})(sAMAccountName={user}))
#cas.authn.ldap[0].userFilter=(UserPrincipalName={0})
#cas.authn.ldap[0].userFilter=(UserPrincipalName={user})
cas.authn.ldap[0].searchFilter=(sAMAccountName=#{user})
#cas.authn.ldap[0].searchFilter=(|(sAMAccountName=#{user})(sAMAccountName={user}))
#cas.authn.ldap[0].searchFilter=(sAMAccountName={user})
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].principalAttributeId=
cas.authn.ldap[0].principalAttributeList=
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
Regards,
Bogdan Badz
On Saturday, March 23, 2024 at 05:58:54 UTC+2, Ray Bon wrote:
> Bogdan,
>
> Perhaps you can use the ldap filter
> search-filter=#{user}
>
> You can have multiple ldap configs and they are processed in order.
>
> Ray
>
> On Fri, 2024-03-22 at 11:04 -0700, Bogdan Badz wrote:
>
> Hello CAS Community
>
> We are using CAS v6.5 as Federated Sign-In Module for MS Active Directory
> users. There is a requirement to support usernames starting with a hash
> symbol '#'.
>
> For example: #[email protected].
>
> We noticed that for integration with LDAP, CAS uses the Ldaptive library.
>
> The documentation says that in this case special characters are escaped.
> And this is working correctly.
>
> But we would also need the ability to disable this feature for certain
> characters.
>
> org.ldaptive.auth.FormatDnResolver contains boolean value 'escapeUser'
> which is 'true' by default.
>
> At the Ldaptive library level this parameter can be configured, but based
> on what we saw in the CAS sources, only the default state is used there
> which does not help us authenticate AD users beginning with #.
>
> Could anyone help us solve this problem?
>
>
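The distinction this thread turns on, as an added example that is not part of the original messages and is not CAS or Ldaptive code: a leading '#' is special in a DN attribute value (RFC 4514) but not in a search filter value (RFC 4515). The function names, the example.org domain and the sample usernames are constructed, and the `escape_user` flag only mirrors the 'escapeUser' switch named in the thread.

```python
# Added example: RFC 4514 (DN value) vs RFC 4515 (filter value) escaping.
# All names, the example.org domain and the usernames are constructed.

DN_SPECIAL = '"+,;<>\\'  # always escaped inside a DN attribute value
FILTER_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_dn_value(value: str) -> str:
    """Escape a string for use as a DN attribute value (RFC 4514 rules)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append(r"\00")
        elif ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in "# ":      # '#' and space only matter up front
            out.append("\\" + ch)
        elif i == last and ch == " ":    # trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a string for use as a filter assertion value (RFC 4515 rules)."""
    return "".join(FILTER_SPECIAL.get(ch, ch) for ch in value)


def format_dn(dn_format: str, user: str, escape_user: bool = True) -> str:
    """Fill a '%s' DN format, with DN escaping switched on or off."""
    return dn_format.replace("%s", escape_dn_value(user) if escape_user else user)


def build_filter(template: str, user: str) -> str:
    """Fill a '{user}' filter template, always applying filter escaping."""
    return template.replace("{user}", escape_filter_value(user))


if __name__ == "__main__":
    print(format_dn("%s@example.org", "#jdoe"))                     # escaped
    print(format_dn("%s@example.org", "#jdoe", escape_user=False))  # raw
    print(build_filter("(sAMAccountName={user})", "#jdoe"))
    print(build_filter("(sAMAccountName={user})", "j*doe(test)"))
```

With escaping on, the `%s@example.org` format produces a bind name with a backslash in front of the `#`, which is no longer the user's principal name. The search-filter path leaves `#` untouched while still escaping `*`, `(` and `)`, so user input cannot change the shape of the filter.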