Unless you need/want attributes, FWIW I didn't see any meaningful difference in
performance (with our site anyway) between wiring up the 'native' CAS LDAP
adapter (fast bind) and using JAAS/LDAP.
The latter was fairly simple:
- set up JaasAuthenticationHandler in deployerConfigContext.xml
- configure your environment as necessary for the JAAS config file e.g.
-Djava.security.auth.login.config=/some/path/login.config
- the JAAS config file (direct/fast bind):
CAS {
edu.vt.middleware.ldap.jaas.LdapLoginModule sufficient
ldapUrl="ldap://yourhost.foo.edu";
tls="true"
baseDn="cn=mycontainer,dc=foo,dc=edu"
constructDn="true";
};
Note that this setup makes/drops a new connection to the directory for each
authentication (JAAS docs say it should do so for good reason), i.e. connection
pooling does not apply.
StartTLS for our directory was actually faster than ldaps.
Caveat: I'm fairly new to CAS.
Tom.
On Jun 14, 2013, at 10:45 AM, Larry <[email protected]> wrote:
> Hi Shashank,
>
> We are in the process of setting up a standalone CAS server with version
> 3.5.1 and we ran into the same problem as you described. Their documents
> just miss a lot of important details and very confusing. Did you ever fix
> the problem? And how? Any insight and advice will be much appreciated!
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
