Bruno,

We used LDAP authentication against AD without any issues; we simply switched back to using Kerberos because it is faster and preferred by our AD admins. If you are having issues configuring this, I will be happy to send you a sample config.

A-

On 2/20/09 8:09 AM, "Bruno Melloni" <[email protected]> wrote:

> Hi Li,
>
> I hit similar difficulties trying to understand how to configure CAS for LDAP
> authentication against ActiveDirectory. In the end I found it easier to write
> my own Authentication Handler and plain vanilla LDAP search code.
>
> You are doing the right thing by trying to use the CAS LDAP authentication
> handler, as it is a much more robust answer than any custom handler can be.
> But if you can't figure out how to configure the LDAP Authenticator properly,
> let me know; I'd be happy to share my code and configuration. It is very
> primitive, but reliable and easy to use.
>
> b.
>
> From: Andrew Feller [mailto:[email protected]]
> Sent: Friday, February 20, 2009 7:40 AM
> To: [email protected]
> Subject: Re: [cas-user] CAS 3 problem
>
> Li,
>
> I think this might be a misconfiguration issue. When configuring your LDAP
> Context & Authentication Handler, you can set how deep beneath the searchBase
> to search. If you are like the rest of us, you probably don't have all user
> entries within a single base, so you need to configure the scope to search
> subtrees. Without more info, this is my best knee jerk reaction.
>
> Hope it helps,
> A-
>
> <!--
>     LDAP Authentication Handler used to authenticate against Lotus Domino
>     Scope Values (javax.naming.directory.SearchControls):
>         OBJECT_SCOPE (0)
>         ONELEVEL_SCOPE (1)
>         SUBTREE_SCOPE (2)
> -->
> <bean
>     class="org.jasig.cas.authentication.handler.support.BindLdapAuthenticationHandler"
>     p:filter="uid=%uid"
>     p:searchBase="o=whatever"
>     p:contextSource-ref="contextSource"
>     p:scope="2"
>     p:timeout="120" />
>
> CAS Wiki: http://www.ja-sig.org/wiki/display/CASUM/LDAP
>
> On 2/20/09 2:27 AM, "Raghu Ravi" <[email protected]> wrote:
> Hi Li,
> Could you give more detail on the error, the server log will do.
>
> On Fri, Feb 20, 2009 at 5:55 AM, Li Zhang <[email protected]> wrote:
> Hi,
>
> I've installed CAS 3.3.1 server on my machine.
> Now I only can use my own credentials to login.
> Other persons on the same LDAP server can
> not login using CAS. What could be the problem?
> Is that a certificate issue ?
>
> Thanks.
>
> Li
>
> --
> Andrew Feller, Analyst
> LSU University Information Services
> 200 Frey Computing Services Center
> Baton Rouge, LA 70803
> Office: 225.578.3737
> Fax: 225.578.6400
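
Added example (not part of the thread and not CAS code): an in-memory model of the three `SearchControls` scope values listed in the quoted handler comment, showing that a one-level search under `searchBase` finds only direct children while a subtree search also finds users in nested containers. The directory entries and uids are constructed; only `o=whatever` comes from the thread, and DNs are assumed to contain no escaped commas.

```python
# Added illustration: scope numbers follow javax.naming.directory.SearchControls.
OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE = 0, 1, 2

# Constructed sample directory (hypothetical entries under the thread's o=whatever).
DIRECTORY = [
    "o=whatever",
    "uid=alice,o=whatever",
    "ou=staff,o=whatever",
    "uid=bob,ou=staff,o=whatever",
    "uid=carol,ou=it,ou=staff,o=whatever",
]


def parse_dn(dn):
    """Split a DN into normalised RDNs. Assumes no escaped commas in values."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn is reachable from base_dn under the given scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    # The entry must be the base itself or sit somewhere beneath it.
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    if scope == SUBTREE_SCOPE:
        return True
    if scope in (OBJECT_SCOPE, ONELEVEL_SCOPE):
        return depth == scope  # 0 = the base entry itself, 1 = direct children
    raise ValueError("unknown scope: %r" % scope)


def find_user(uid, base_dn, scope, directory=DIRECTORY):
    """Mimic a handler's search step: match uid=<uid> below base_dn."""
    wanted = "uid=" + uid.lower()
    return [dn for dn in directory
            if in_scope(dn, base_dn, scope) and parse_dn(dn)[0] == wanted]


def who_can_log_in(base_dn, scope, uids=("alice", "bob", "carol")):
    """A bind can only be attempted for users the search step actually finds."""
    return [u for u in uids if len(find_user(u, base_dn, scope)) == 1]


if __name__ == "__main__":
    for name, scope in (("OBJECT", 0), ("ONELEVEL", 1), ("SUBTREE", 2)):
        print(name, who_can_log_in("o=whatever", scope))
```

When some accounts authenticate and others do not, comparing each failing user's DN depth against the configured `p:scope` is a quick check before looking at certificates.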
