On Thu, Mar 25, 2010 at 6:01 PM, David Hawes <[email protected]> wrote: > On 3/25/10 7:53 PM, Marvin Addison wrote: > >> Right now I have two BindLdapAuthenticationHandler sections in my > >> deplyerConfigContext.xml and it's working fine. > >> ... > >> The question: is this the sanest route to take? > > > > Given that you don't want to search at a lower common node (ou=auth), > > yeah, I think multiple authentication handlers is the way to go. > > Assuming your directory server supports it, you could use extensible > matching rules to get this to work: > > (&(|(ou:dn:=people)(ou:dn:=parents))(uid=%u)) > > on search base: > > ou=auth,dc=csuchico,dc=edu > > We're on OpenLDAP, so I'll have to try this. This seems much cleaner than having two beans in the config.
Thanks! -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
