Hello,
Usually, we leave two or three way for our users to authenticate against
AD : common name (actually first part of email), full email or windows
login, the ldap filter looks like :
(|(cn=%u)(email=%u)(samAccountName=%u)). Beware that this kind of ldap
filter should find at most one entry.
Rgds.
Le 14/09/2012 10:41, tom duca a écrit :
Hi everybody,
I'm discovering cas server (i'm beginner !)
and i've installed cas server 3.5.0 with tomcat6 on RHEL6.
I've succeded to configure cas server to authenticate active directory
users.
In the deployerConfigContext.xml file i've specified :
<bean
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
p:filter="cn=%u" p:searchBase="dc=mydomain,dc=com"
p:contextSource-ref="contextSource"
p:ignorePartialResultException="true"/>
<bean id="contextSource"
class="org.springframework.ldap.core.support.LdapContextSource">
<property name="pooled" value="false"/>
<property name="url" value="ldap://LDAP-SERVER-IP"/
<ldap://LDAP-SERVER-IP%22/>>
<property name="userDn"
value="cn=userldap,ou=Users,dc=mydomain,dc=com"/>
<property name="password" value="passworduserldap"/>
<property name="baseEnvironmentProperties">
<map>
<entry key="com.sun.jndi.ldap.connect.timeout" value="3000"/>
<entry key="com.sun.jndi.ldap.read.timeout" value="3000"/>
<entry key="java.naming.security.authentication" value="simple"/>
</map>
</property>
</bean>
Now, i wold like to authenticate users with either their email
address, either their username.
(authenticate username already works fine)
Do you know where would i specify this please ?
for example, can i specify several filters as p:filter="cn=%u" ?
Thanks a lot,
Tom DUCA
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user