Marvin S. Addison wrote: >> for openldap try using: <entry key="entrydn" value="dn"/> > > Don't believe this will work since as Michael noted AD doesn't support RFC > 5020.
AD does not set attribute 'entryDN'. Instead AD sets attribute 'distinguishedName'. So CAS can retrieve the DN from an attribute in the user's entry but you have to explicitly configure the right attribute. Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
