Adam Franco wrote:
> I have an Active Directory in which users are stored in multiple
> containers. While a single BindLdapAuthenticationHandler with the
> searchBase configured to my AD domain root suffices to verify passwords,
> I found that I had to configure separate
> CredentialsToLDAPAttributePrincipalResolver and LdapPersonAttributeDao
> pairs for each user container as one of these would not locate any users
> if the searchBase/baseDN was set to the AD domain root.

http://www.ja-sig.org/issues/browse/CAS-663

Not sure in which state this is. Didn't do tests for this myself.

One work-around for this is to use LDAP access to AD's Global Catalog (GC)
instead of the standard LDAP port. If you make use of non-standard GC
attributes for the mapping (e.g. employeeNumber) you have to tweak AD's
configuration so the required attribute(s) is/are replicated to the GC.

Ciao, Michael.
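
One way to check the Global Catalog replication mentioned in the reply above, as an added example that is not part of the original message: it reads the schema flag isMemberOfPartialAttributeSet for each attribute the CAS mapping would use. It assumes the RSAT ActiveDirectory PowerShell module and read access to the schema; the attribute list is an assumption apart from employeeNumber, which the reply names.

```powershell
# Added example, not from the original thread.
# Assumes the RSAT ActiveDirectory module is installed and the caller can read the schema.
Import-Module ActiveDirectory

# Attributes the principal resolver / attribute DAO would read over the GC.
# Assumed list: only employeeNumber is named in the message above.
$needed = 'sAMAccountName', 'mail', 'employeeNumber'

# The schema partition holds one attributeSchema object per attribute.
$schemaNC = (Get-ADRootDSE).schemaNamingContext

$report = foreach ($name in $needed) {
    $attr = Get-ADObject -SearchBase $schemaNC `
                         -LDAPFilter "(lDAPDisplayName=$name)" `
                         -Properties isMemberOfPartialAttributeSet

    [pscustomobject]@{
        Attribute       = $name
        InSchema        = [bool]$attr
        # TRUE means the attribute is replicated to the Global Catalog.
        # A missing or FALSE value means a GC search will not return it.
        InGlobalCatalog = ($attr.isMemberOfPartialAttributeSet -eq $true)
        SchemaObject    = $attr.DistinguishedName
    }
}

$report | Format-Table Attribute, InSchema, InGlobalCatalog -AutoSize

# Attributes that would have to be added to the partial attribute set
# before a GC-based resolver can map them.
$missing = $report | Where-Object { $_.InSchema -and -not $_.InGlobalCatalog }
$missing | ForEach-Object { "Not replicated to GC: $($_.Attribute)" }

# Enabling replication is a forest-wide schema change (Schema Admins rights),
# so it is left commented out here:
# $missing | ForEach-Object {
#     Set-ADObject -Identity $_.SchemaObject -Replace @{ isMemberOfPartialAttributeSet = $true }
# }
```

The Global Catalog listens on port 3268 (3269 for LDAP over SSL) rather than 389/636, so the LDAP URL given to CAS changes along with the search base.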
