Re: [cas-user] CAS + Multiple BindLdapAuthenticationHandler

Thu, 06 May 2010 11:13:48 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dean Heisey escribió:
> Is it possible to add multiple BindLdapAuthenticationHandlers to the 
> AuthenticationHandler list and have them configured to use different Ldap
> servers?

I'm looking for something similar, too. But in your case, you have two
servers. It's been told that CAS (or Spring, more exactly?) falls back
when you specify a set of servers, say instead of:

<bean id="contextSource"
class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="url" value="ldap://localhost/"; />
</bean>

having:

<bean id="contextSource"
class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="pooled" value="false"/>
        <property name="urls">
                <list>
                        <value>ldaps://ldap.rutgers.edu/</value>
                        <value>ldaps://ldap2.rutgers.edu/</value>
                </list>
        </property>
...
</bean>

If your filter and base are the same on the two servers, it should work
(you can only set one filter/ base in the BindLdapAuthenticationHandler)

> As an aside.  Yes, this configuration is much less than ideal.  It evolved
> organically and I am stuck in the middle with no authoritative source for
> authenticating users.  It makes for fun times.

Hey, it's not a crazy setup. I have a client with multiple DCs on the
same LDAP server and CAS doesn't seem to support this at this moment,
I'm currently trying with stacked JAAS setups... or multiple CAS servers
which would definitely be a 'less than ideal' setup, I think.

- --
José Miguel Parrella Romero (bureado.com.ve)          PGP: 0×88D4B7DF
Debian Developer                                Caracas, VE/Quito, EC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJL4wOyAAoJEMAyQqmI1LffaQoP/iDOxRAnCSKgPuaGZ04rNWNS
qNGcRggQrfofEFQz/s4LkAQQjc2wLOynu1pwivafm6hy5QUN/4uAR7DN0qHszKlq
JD5MbIP7bGSMnUbB1+J2QU1pmtmB0neoa4oYwWqOd0jFXXWdW9K7VMErgsag/jnj
tVYzAaKL23pUSI1E8CZCtGi9mK7QRWUFXHr3yspk5R5MgfV77lhYpefDVZLKMaHu
5HvTEMubq0XVVsMgVhC3dTw7q/jwc8flX/089hWyHpcDwPrzwKpp3LKApo70394y
IRBm90vzUyMbe07WrE+hcIw8LNgnRp4ybxFvyJjIUQ7srhBGNLseHXlAUtdvKtft
gRdADkfKFhzPdeb7dwCAKpKD8BFM1Z5EL4fZt6H00KUWqt23P0dDd1qLuke3Iew0
Lyoxb5FUVf+xNZfC74H/ycp5ry73YqAzoBKl7jLPbYHoTEMirzJtfFGHYNcrsGXa
kLJMMl55h90VCb5lMobIRApZ/QDDeAqRJdoy3NOT/kYjNAnBgao4NskNVXUd7V42
Bzo2mlHmVxayE+XL45C81wz2OTjO2ews0nOW+vhkPI0fuL8GoQwtweDKkPcr0Anx
b5xt/USM1cweHvJr3J1LQ1aNqCsMAsezlm37QJBMNMlLOQHwZ/+4wwhd6pyvtKQf
oK6QxyV1oIlBHSEA02x3
=qjL0
-----END PGP SIGNATURE-----

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to