Hi. We're having a problem that I was wondering if someone here might have some suggestions on how to deal with. One of the attributes we're passing (from LDAP) is a multi-valued attribute, and one of our users has many many values for this attibute in his entry. He was having trouble logging in to a test client we had set up using mod_auth_cas, and we had the idea that it might be related to the size of this attribute. So I removed it from the list of allowed attributes for one of our registered servers, and he was then able to log in to that server. (Prior to that, the failure varied somewhat by browser/platform -- in some cases, he just got a not authorized page, and in other cases, there was a loop/too many hops because it kept going back and forth between the server and the cas server.)
Our first thought was that there was something in mod_auth_cas that was not handling this large attribute -- maybe a static size that was set too small -- but we have not debugged this completely yet. (As some data for comparison purposes, I was not having any trouble logging in, and I have 14 values for this attribute, with a total size of about 150 characters; the other user had 50 values totalling about 500 characters.) If so, we might be able to modify mod_auth_cas locally to handle this situation (and maybe generate a bug report that leads to this being fixed in the released code). Does anyone have any insight into what in particular might be leading to this problem? Of course, it's possible that this problem is not related to the size of the attribute -- for instance, maybe one of the values has a bad character in it. But further debugging should give us more info about this. This user can log in just fine to our Moodle server (which also uses cas), which is what leads us to believe that the problem is on the mod_auth_cas side, rather than the cas server side. (Of course, this could be wrong too). Thanks. Milt Epstein Applications Developer Graduate School of Library and Information Science (GSLIS) University of Illinois at Urbana-Champaign (UIUC) [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
