We're about to re-jigger our LDAP trees and I'm wondering what the best
approach would be for my CAS configuration.
Currently my searchBase is ou=people,ou=auth,dc=csuchico,dc=edu.
I need to support another tree, ou=parents,ou=auth,dc=csuchico,dc=edu.
I don't want searchBase to just be ou=auth,dc=csuchico,dc=edu as that would
expose trees that we don't want exposed.
I don't think that I can configure multiple searchBase properties in a
single bean.
Right now I have two BindLdapAuthenticationHandler sections in my
deplyerConfigContext.xml and it's working fine.
<bean
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
<property name="filter" value="uid=%u" />
<property name="searchBase"
value="ou=people,ou=auth,dc=csuchico,dc=edu" />
<property name="contextSource" ref="contextSource" />
</bean>
<bean
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
<property name="filter" value="uid=%u" />
<property name="searchBase"
value="ou=parents,ou=auth,dc=csuchico,dc=edu" />
<property name="contextSource" ref="contextSource" />
</bean>
The question: is this the sanest route to take?
Pat
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
