> Are there any other consequences of setting this attribute to true? Yes, it creates ambiguity about who is attempting to authenticate. For example, multiple entries do not necessarily point to the same individual. I believe the implementation of the bind handler is to attempt to bind with only the first returned result, so you might get auth failures if the first result matches the query but isn't the logical entry of the authenticating party. In the worst case, which is likely vanishingly small, both entries represent different people yet have the same password, which could allow impersonation.
M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
