Shi, Thanks for your suggestion. However, it turns out that <property name="filter" value="uid:caseExactmatch:=%u" /> for the LDAP handler bean does not work for the ApacheDS LDAP.
The solution I've come up with does not involve CAS: change the "uid" object's m-equality attribute in the LDAP schema from "caseIgnoreMatch" to "caseExactMatch" -- this produces the desired case-sensitive authentication. Barry Silk ________________________________________ From: Shi Yusen [[email protected]] Sent: Tuesday, April 14, 2009 3:08 PM To: [email protected] Subject: Re: [cas-user] How to configure CAS for case-sensitive userid I use this config for OpenLDAP: <property name="filter" value="uid:caseExactmatch:=%u" /> Perhaps you can try it for your LDAP. Regards, Shi Yusen/Beijing Langhua Ltd. 在 2009-04-14二的 10:43 -0400,Barry Silk写道: > Can anyone offer advice on how to configure CAS for case-sensitive userids? > The current behavior of CAS, server version 3.2.1, is to accept any > combination of uppercase and lowercase letters that makeup the userid. For > example, "admin" is treated the same as "AdMIn" or "adMIN" when providing a > username/password and will be authenticated, even though only the "admin" is > stored in the LDAP. The desired behavior is to treat "admin", "AdMIn", and > "adMIN" as three separate userids and reject a login attempt with the wrong > case. > > >From a little research, it appears that it may be a matter of configuring > >the LDAP handler bean with the right filter. The bean is currently > >configured as follows: > > <bean id="ldapHandler" > class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"> > <property name="filter" > value="uid=%u" /> > ... > </bean> > > Can anyone provide the proper way to configure this bean for case-sensitivity > or is there something else that needs to be done? > > Thanks! > Barry Silk > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
