Hi,

I am working on porting some configuration options to the latest version of CAS 
and am having a problem. In the original CAS system, we were using Jaas to 
handle the authentication and we have this in the /etc/jaas.conf:

CAS {
    com.ibm.security.auth.module.Krb5LoginModule sufficient
        debug=FALSE;

    edu.uconn.uits.jaas.ldap.LDAPLoginModule sufficient
        java.naming.provider.url="ldap://an-ldap-server:389/dc=uconn,dc=edu"
        java.naming.security.principal="uid=username1,ou=accounts,dc=uconn,dc=edu"
        java.naming.security.credentials="blah"
        Attribute="uid"
        startTLS="true";

    edu.uconn.uits.jaas.ldap.LDAPLoginModule sufficient
        java.naming.provider.url="ldap://another-ldap-server:389/dc=ad,dc=uconn,dc=edu"
        java.naming.security.principal="username2"
        java.naming.security.credentials="blah"
        Attribute="sAMAccountName";
};

We were hoping to get rid of the Jaas method and use the configuration options 
directly available with the LDAP module bundled with 3.3.5, at least to cover 
the bottom two authentication mechanisms.

The problem is, I can't figure out how to specify multiple LDAP servers with 
different authentication  information and have the system use them in a 
fall-through order. I have tried a couple of different things, and right now I 
have the following configuration:

credentialsToPrincipalResolvers - using 
org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver, 
which has a contextSource property pointing to ref="contextSource"

authenticationHandlers - using 
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler with a contextSource 
property pointing to ref="contextSource"

contextSource - using org.springframework.ldap.core.support.LdapContextSource, 
with a URL pointing to our primary ldap server using the primary username 
(using search and bind method)


Any tips about how to go about making this into a multi-server system that 
falls through and each server has different authentication information? I can't 
just put multiple <value> tags into the urls property of the contextSource 
because the authentication information is different.

I am pretty new to this so I may be a bit muddled in my thinking :) Any tips 
would be helpful.

Sincerely,

Justin DeMaris,
University of Connecticut, UITS
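
Added example, not part of the original message and not CAS project code: one way the fall-through described above could be expressed in deployerConfigContext.xml, given that AuthenticationManagerImpl tries the entries of authenticationHandlers in list order and each BindLdapAuthenticationHandler can reference its own LdapContextSource. Bean ids, filters and password placeholders are constructed, the stock username resolver stands in for the LDAP attribute resolver, and the startTLS option from the JAAS entry is not configured here.

```xml
<!-- Added example: fragment of deployerConfigContext.xml.
     Bean ids, filters and password placeholders are constructed. -->
<bean id="contextSourcePrimary"
      class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="url" value="ldap://an-ldap-server:389" />
  <property name="userDn" value="uid=username1,ou=accounts,dc=uconn,dc=edu" />
  <property name="password" value="CHANGE_ME_1" />
</bean>

<bean id="contextSourceAd"
      class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="url" value="ldap://another-ldap-server:389" />
  <property name="userDn" value="username2" />
  <property name="password" value="CHANGE_ME_2" />
</bean>

<bean id="authenticationManager"
      class="org.jasig.cas.authentication.AuthenticationManagerImpl">
  <property name="credentialsToPrincipalResolvers">
    <list>
      <!-- Assumption: stock resolver used as a stand-in for the
           CredentialsToLDAPAttributePrincipalResolver on the page -->
      <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
    </list>
  </property>
  <property name="authenticationHandlers">
    <list>
      <!-- Tried first: search for uid under dc=uconn,dc=edu with the
           primary service account, then bind as the entry found -->
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
        <property name="filter" value="uid=%u" />
        <property name="searchBase" value="dc=uconn,dc=edu" />
        <property name="contextSource" ref="contextSourcePrimary" />
      </bean>
      <!-- Tried only if the first handler does not authenticate the user;
           uses the second server's own bind account -->
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
        <property name="filter" value="sAMAccountName=%u" />
        <property name="searchBase" value="dc=ad,dc=uconn,dc=edu" />
        <property name="contextSource" ref="contextSourceAd" />
      </bean>
    </list>
  </property>
</bean>
```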
