Justin, you should be able to specify multiple ContextSources and then refer
to the correct one.  There are also other AuthenticationManagers that do
direct mapping of AuthHandler->CredentialsToPrincipalResolver to ensure the
proper ones are chained together.

Cheers,
Scott


On Tue, Jan 12, 2010 at 9:07 AM, Demaris, Justin
<[email protected]> wrote:

> Hi,
>
> I am working on porting some configuration options to the latest version of
> CAS and am having a problem. In the original CAS system, we were using JAAS
> to handle the authentication and we have this in the /etc/jaas.conf:
>
> CAS {
>   com.ibm.security.auth.module.Krb5LoginModule sufficient
>         debug=FALSE;
>
>   edu.uconn.uits.jaas.ldap.LDAPLoginModule sufficient
>         java.naming.provider.url="ldap://an-ldap-server:389/dc=uconn,dc=edu"
>         java.naming.security.principal="uid=username1,ou=accounts,dc=uconn,dc=edu"
>         java.naming.security.credentials="blah"
>         Attribute="uid"
>         startTLS="true";
>
>   edu.uconn.uits.jaas.ldap.LDAPLoginModule sufficient
>         java.naming.provider.url="ldap://another-ldap-server:389/dc=ad,dc=uconn,dc=edu"
>         java.naming.security.principal="username2"
>         java.naming.security.credentials="blah"
>         Attribute="sAMAccountName";
> };
>
> We were hoping to get rid of the JAAS method and use the configuration
> options directly available with the LDAP module bundled with 3.3.5, at least
> to cover the bottom two authentication mechanisms.
>
> The problem is, I can’t figure out how to specify multiple LDAP servers
> with different authentication information and have the system use them in a
> fall-through order. I have tried a couple of different things, and right now
> I have the following configuration:
>
> credentialsToPrincipalResolvers – using
> org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver,
> has a contextSource property pointing to ref="contextSource"
>
> authenticationHandlers – using
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler with a
> contextSource property pointing to ref="contextSource"
>
> contextSource – using
> org.springframework.ldap.core.support.LdapContextSource, with a URL pointing
> to our primary ldap server using the primary username (using search and bind
> method)
>
> Any tips about how to go about making this into a multi-server system that
> falls through and each server has different authentication information? I
> can’t just put multiple <value> tags into the urls property of the
> contextSource because the authentication information is different.
>
> I am pretty new to this so I may be a bit muddled in my thinking :) Any
> tips would be helpful.
>
> Sincerely,
>
> Justin DeMaris,
> University of Connecticut, UITS
>
> --
> You are currently subscribed to [email protected] as: 
> [email protected]
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
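
A sketch of the multiple-ContextSource layout suggested in the reply, added here as an illustration and not taken from either poster or from the CAS distribution. The bean ids, the `%u` filters and the password placeholders are assumptions; the server URLs, bind DNs and search bases are the ones in the quoted jaas.conf.

```xml
<!-- Added example: one LdapContextSource per directory, each with its own
     bind account. Bean ids and REPLACE_ME values are assumptions. -->
<bean id="contextSourceLdap"
      class="org.springframework.ldap.core.support.LdapContextSource">
  <!-- The JAAS entry for this server used startTLS; a plain ldap:// URL
       carries bind passwords unencrypted unless TLS is configured. -->
  <property name="urls"><list><value>ldap://an-ldap-server:389</value></list></property>
  <property name="userDn" value="uid=username1,ou=accounts,dc=uconn,dc=edu"/>
  <property name="password" value="REPLACE_ME"/>
</bean>

<bean id="contextSourceAd"
      class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="urls"><list><value>ldap://another-ldap-server:389</value></list></property>
  <property name="userDn" value="username2"/>
  <property name="password" value="REPLACE_ME"/>
</bean>

<bean id="authenticationManager"
      class="org.jasig.cas.authentication.AuthenticationManagerImpl">
  <property name="credentialsToPrincipalResolvers">
    <list>
      <!-- Assumption: the typed username becomes the principal id, so no
           per-directory attribute lookup is needed in this sketch. -->
      <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"/>
    </list>
  </property>
  <property name="authenticationHandlers">
    <list>
      <!-- Handlers are tried in list order; the next one is consulted when
           the previous one does not authenticate the user. -->
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
        <property name="filter" value="uid=%u"/>
        <property name="searchBase" value="dc=uconn,dc=edu"/>
        <property name="contextSource" ref="contextSourceLdap"/>
      </bean>
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
        <property name="filter" value="sAMAccountName=%u"/>
        <property name="searchBase" value="dc=ad,dc=uconn,dc=edu"/>
        <property name="contextSource" ref="contextSourceAd"/>
      </bean>
    </list>
  </property>
</bean>
```

With `AuthenticationManagerImpl` the resolver is chosen by credential type, not by which handler succeeded, so a per-directory `CredentialsToLDAPAttributePrincipalResolver` is the case for the direct-mapping managers mentioned in the reply.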
