Barry,
Besides modifying the schema, I think there's still other ways you can
check case-sensitive uid such as:
String loggedUid = (String)
searchResult.getAttributes().get("uid").get(0);
if (uid.equals(loggedUid)) {
// uid is the same
} else {
// uid is not the same
}
Here, searchResult is javax.naming.directory.SearchResult returned from
a successfully bind.
Regards,
Shi Yusen/Beijing Langhua Ltd.
在 2009-04-17五的 09:42 -0400,Barry Silk写道:
> Shi,
>
> Thanks for your suggestion. However, it turns out that <property
> name="filter" value="uid:caseExactmatch:=%u" /> for the LDAP handler bean
> does not work for the ApacheDS LDAP.
>
> The solution I've come up with does not involve CAS: change the "uid"
> object's m-equality attribute in the LDAP schema from "caseIgnoreMatch" to
> "caseExactMatch" -- this produces the desired case-sensitive authentication.
>
> Barry Silk
> ________________________________________
> From: Shi Yusen [[email protected]]
> Sent: Tuesday, April 14, 2009 3:08 PM
> To: [email protected]
> Subject: Re: [cas-user] How to configure CAS for case-sensitive userid
>
> I use this config for OpenLDAP:
> <property name="filter" value="uid:caseExactmatch:=%u" />
>
> Perhaps you can try it for your LDAP.
>
> Regards,
>
> Shi Yusen/Beijing Langhua Ltd.
>
>
> 在 2009-04-14二的 10:43 -0400,Barry Silk写道:
> > Can anyone offer advice on how to configure CAS for case-sensitive userids?
> > The current behavior of CAS, server version 3.2.1, is to accept any
> > combination of uppercase and lowercase letters that makeup the userid. For
> > example, "admin" is treated the same as "AdMIn" or "adMIN" when providing a
> > username/password and will be authenticated, even though only the "admin"
> > is stored in the LDAP. The desired behavior is to treat "admin", "AdMIn",
> > and "adMIN" as three separate userids and reject a login attempt with the
> > wrong case.
> >
> > >From a little research, it appears that it may be a matter of configuring
> > >the LDAP handler bean with the right filter. The bean is currently
> > >configured as follows:
> >
> > <bean id="ldapHandler"
> > class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
> > <property name="filter"
> > value="uid=%u" />
> > ...
> > </bean>
> >
> > Can anyone provide the proper way to configure this bean for
> > case-sensitivity or is there something else that needs to be done?
> >
> > Thanks!
> > Barry Silk
> >
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
