> Our LDAP is a Critical Path InJoin Directory Server. I have seen samples
> with Active Directory Server, but I don't see Critical Path InJoin Directory
> Server samples. Does CAS work with this server?

I'd expect it will work fine. The underlying LDAP support is provided by the Sun JNDI provider, which is LDAPv3 compliant. The LDAP provider is pluggable, but I've never heard of anyone switching out the Sun implementation since it's very capable.

> Users are in different branches,
>
> o=peope,ou=AAA,o=zz,o=yy,c=xx
> o=peope,ou=BBB,o=zz,o=yy,c=xx
> o=peope,ou=CCC,o=zz,o=yy,c=xx

You'll need to define 3 BindLdapAuthenticationHandler beans, one for each branch; that's the only solution. By default CAS attempts authentication with all defined handlers and short-circuits on the first success; authentication fails only if no handler succeeds. This approach assumes each user ID is globally unique across all 3 branches. If users are not globally unique, there is a vanishingly small chance of indeterminate authentication results for two users that happen to have the same username/password combination. You should evaluate for yourself if this is a concern in light of your password change and complexity policies.

M
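
The three-handler setup described in the reply, as an added example that is not part of the original message or the CAS project's own configuration. It assumes the CAS 3.x LDAP adaptor (class org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler with filter, searchBase and contextSource properties), a uid login attribute, and an LDAP context source bean named contextSource defined elsewhere; the search bases are the branch DNs quoted above.

```xml
<!-- Added example: goes inside the authenticationManager bean in
     deployerConfigContext.xml. Property names assume the CAS 3.x LDAP adaptor;
     the "uid=%u" filter and the "contextSource" bean id are assumptions. -->
<property name="authenticationHandlers">
  <list>
    <!-- Handlers are tried in list order and the first successful bind wins.
         If the same uid exists in two branches with the same password, the
         earlier handler decides which entry authenticates, so keep user IDs
         unique across branches or order the handlers deliberately. -->

    <!-- Branch AAA: look up the entry under this base, then bind as it
         with the password the user supplied. -->
    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
      <property name="filter" value="uid=%u" />
      <property name="searchBase" value="o=peope,ou=AAA,o=zz,o=yy,c=xx" />
      <property name="contextSource" ref="contextSource" />
    </bean>

    <!-- Branch BBB -->
    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
      <property name="filter" value="uid=%u" />
      <property name="searchBase" value="o=peope,ou=BBB,o=zz,o=yy,c=xx" />
      <property name="contextSource" ref="contextSource" />
    </bean>

    <!-- Branch CCC -->
    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
      <property name="filter" value="uid=%u" />
      <property name="searchBase" value="o=peope,ou=CCC,o=zz,o=yy,c=xx" />
      <property name="contextSource" ref="contextSource" />
    </bean>
  </list>
</property>
```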
