You don't need another credentials-to-principal resolver; you can simply use a more complex LDAP search filter:

    (|(sAMAccountName=%u)(mail=%u))

That would produce the bind DN for a search on either of sAMAccountName or mail attributes, so the user could effectively authenticate as either username or email. Note that the CAS principal will vary based on the credential used, so if your app requires the username, e.g. for authorization, you'll need a subsequent step to map the mail attribute back onto the username. I can provide further explanation if needed if you have such a requirement.

M
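
The substitution and the follow-up mapping step described in the message above, as an added example that is not part of the original message and is not CAS code. The in-memory DIRECTORY stands in for the LDAP server, its entries are constructed, and all function names are hypothetical; the credential is escaped per RFC 4515 before it replaces %u so it can only ever be a literal value.

```python
import re

FILTER_TEMPLATE = "(|(sAMAccountName=%u)(mail=%u))"  # filter from the message

# Constructed sample entries standing in for the directory (not real accounts).
DIRECTORY = [
    {"dn": "CN=Alice Example,OU=People,DC=example,DC=org",
     "sAMAccountName": "alice", "mail": "alice@example.org"},
    {"dn": "CN=Bob Example,OU=People,DC=example,DC=org",
     "sAMAccountName": "bob", "mail": "bob@example.org"},
]

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input stays a literal value."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def expand_filter(credential):
    """Substitute the escaped credential for every %u in the template."""
    return FILTER_TEMPLATE.replace("%u", escape_filter_value(credential))

def _unescape(value):
    """Turn \\XX hex escapes back into characters for comparison."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(ldap_filter):
    """Evaluate an OR-of-equality filter against DIRECTORY.
    Assumption: both attributes compare case-insensitively."""
    terms = re.findall(r"\((\w+)=((?:[^()\\*]|\\[0-9a-fA-F]{2})*)\)", ldap_filter)
    return [entry for entry in DIRECTORY
            if any(entry.get(attr, "").lower() == _unescape(val).lower()
                   for attr, val in terms)]

def resolve_principal(credential):
    """Map a login by username or e-mail back onto the username, or None."""
    matches = search(expand_filter(credential))
    if len(matches) != 1:  # no match, or ambiguous: refuse to pick an entry
        return None
    return matches[0]["sAMAccountName"]

if __name__ == "__main__":
    for login in ("alice", "Alice@Example.org", "*"):
        print(login, "->", expand_filter(login), "->", resolve_principal(login))
```

Whichever attribute matched, the application receives the sAMAccountName, so authorization rules keyed on the username keep working for users who log in with their e-mail address.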
