Not CAS-specific, but from a very simplified and general Identity & Access Management point-of-view, I would suggest that user names be unique throughout your LDAP installation. You should either make sure that there is only one "msmith" in your authentication system (LDAP, AD, Kerberos, RDBMS, whatever), or use a scope such as "[email protected]" or "edu/uconn/msmith", etc.

HTH,
-Matt

On 08/10/2011 05:00 PM, Juan Quintanilla wrote:
> Hi,
>
> I have a question regarding CAS with LDAP authentication. We have users in different LDAP OUs where they have the same username; when CAS uses these OUs to authenticate the user, if it finds the same user in both OUs it will authenticate the user but not return the SAML attributes.
>
> Has anyone run into this problem before? Is there a way to tell CAS to just pick one and take its attributes? Our other option is to remove the secondary entry from LDAP.
>
> Thanks!
>
> ___________________
> Juan Quintanilla
> UTS - Enterprise Group
> 305-348-6573
> [email protected]

--
Matthew J. Smith
University of Connecticut UITS
[email protected]
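One way to check for the collision discussed in this thread, as an added example that is not part of the original messages: it scans an LDIF export for uid values that appear under more than one DN, comparing case-insensitively. The sample entries, the function names and the uid@ou naming scheme are assumptions made for illustration.

```python
import base64
import re
from collections import defaultdict

# Constructed sample export (not data from the thread); names are hypothetical.
SAMPLE_LDIF = """\
dn: uid=msmith,ou=Staff,dc=example,dc=edu
uid: msmith

dn: uid=MSmith,ou=Students,dc=example,dc=edu
uid:: TVNtaXRo

dn: uid=jdoe,ou=Staff,dc=example,dc=edu
uid: jdoe
"""

def parse_ldif(text):
    """Return a list of (dn, {attr: [values]}) from LDIF text."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = defaultdict(list)
        for line in block.split("\n"):
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs[name.strip().lower()].append(value.strip())
        if attrs.get("dn"):
            entries.append((attrs["dn"][0], attrs))
    return entries

def duplicate_uids(text):
    """Map each uid found under more than one DN to the sorted list of DNs."""
    seen = defaultdict(set)
    for dn, attrs in parse_ldif(text):
        for uid in attrs.get("uid", []):
            seen[uid.lower()].add(dn)  # uid matching is case-insensitive
    return {uid: sorted(dns) for uid, dns in seen.items() if len(dns) > 1}

def scoped_names(text):
    """Suggest 'uid@ou' names for colliding entries (scheme is an assumption)."""
    out = {}
    for uid, dns in duplicate_uids(text).items():
        for dn in dns:
            ou = re.search(r"(?i)(?:^|,)\s*ou=([^,]+)", dn)
            out[dn] = f"{uid}@{ou.group(1).lower()}" if ou else uid
    return out
```

An empty result from `duplicate_uids` on a full export means every uid resolves to a single entry across the OUs that were exported.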
