Marvin,
not sure if this made it to the list.
Thanks in advance,
Johan
----- Original Message -----
From: "Johan Reinalda" <[email protected]>
To: <[email protected]>
Sent: Tuesday, August 25, 2009 11:42 AM
Subject: Re: [cas-user] Sign-on with alias
Marvin,
Yes, that is exactly what we need! We do indeed need the sAMaccount (in
our case the numeric id) back to all applications, instead of the email
address if that was used to log in.
If you can get me going in that direction, that would be fantastic!
Thanks,
Johan
----- Original Message -----
From: "Marvin Addison" <[email protected]>
To: <[email protected]>
Sent: Tuesday, August 25, 2009 9:14 AM
Subject: Re: [cas-user] Sign-on with alias
You don't need another credentials-to-principal resolver; you can
simply use a more complex LDAP search filter:
(|(sAMAccountName=%u)(mail=%u))
That would produce the bind DN for a search on either of
sAMAccountName or mail attributes, so the user could effectively
authenticate as either username or email. Note that the CAS principal
will vary based on the credential used, so if your app requires the
username, e.g. for authorization, you'll need a subsequent step to map
the mail attribute back onto the username. I can provide further
explanation if needed if you have such a requirement.
M
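
The lookup described in the message above, sketched as an added example (not part of the original thread and not CAS code): the submitted name is escaped per RFC 4515 before it replaces %u, the OR filter must match exactly one entry, and the principal handed to applications is always that entry's sAMAccountName. The directory entries, the function names and the in-memory search are constructed for illustration.

```python
import re

# Filter from the thread; %u is replaced by the submitted login name.
FILTER_TEMPLATE = "(|(sAMAccountName=%u)(mail=%u))"

# Constructed sample entries (DN -> attributes); not real accounts.
DIRECTORY = {
    "CN=Alice Example,OU=Staff,DC=example,DC=org":
        {"sAMAccountName": "100234", "mail": "alice@example.org"},
    "CN=Bob Example,OU=Staff,DC=example,DC=org":
        {"sAMAccountName": "100777", "mail": "bob@example.org"},
}

def escape_filter_value(value):
    """RFC 4515 escaping: input can never add wildcards or filter terms."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(user_input):
    return FILTER_TEMPLATE.replace("%u", escape_filter_value(user_input))

ASSERTION = re.compile(r"\((\w+)=((?:[^()\\*]|\\[0-9a-f]{2})*)\)")

def search(ldap_filter):
    """Stand-in for the directory: evaluates an OR of equality assertions."""
    def unescape(v):
        return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), v)
    wanted = [(a, unescape(v).lower()) for a, v in ASSERTION.findall(ldap_filter)]
    return [(dn, e) for dn, e in DIRECTORY.items()
            if any(a in e and e[a].lower() == v for a, v in wanted)]

def resolve(user_input):
    """Return (bind DN, principal); the principal is always sAMAccountName."""
    if not user_input:
        raise ValueError("empty login name")
    hits = search(build_filter(user_input))
    if len(hits) != 1:  # zero or ambiguous matches must fail closed
        raise LookupError("expected exactly one entry, found %d" % len(hits))
    dn, entry = hits[0]
    return dn, entry["sAMAccountName"]

if __name__ == "__main__":
    for login in ("100234", "alice@example.org", "ALICE@example.org"):
        print(login, "->", resolve(login))
```
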