As Marvin suggests, either your filter needs to define an attribute that has a unique value for students/staff [so it fails for other branches of the subtree], or you should define two handlers. The latter configuration is probably simpler to configure.

From: Farzan Qureshi [mailto:[email protected]]
Sent: Thursday, August 1, 2013 2:21 PM
To: [email protected]
Subject: Re: [cas-user] Multiple search base for LDAP

Hi Marvin,

Thanks for your response. Let me define my scenario. What I want to achieve is as follows:

I have a couple of user OUs. However I only want users in Staff and Students OUs to be able to log in through CAS Server. I am not sure how to achieve this because currently as I said earlier CAS is searching complete tree for a user which in return also authenticates user who is in some different OU, which I don't want.

Any further ideas? Or shall I go further with defining two handlers?

Kind regards,
Farzan

On 2 August 2013 07:41, Marvin Addison <[email protected]> wrote:

> How I can do a subtree searches?

I just reviewed the source and subtree is the default. You can modify the search scope with the scope property of BindLdapAuthenticationHandler. Acceptable values are integers defined in the public constants of http://docs.oracle.com/javase/6/docs/api/javax/naming/directory/SearchControls.html.

> Yes descendent is same but I want to limit search to only to two user OUs
> that is Staff and Students. Any examples??

There's no way to say "search only these branches of a subtree." You could produce equivalent results by including an attribute as part of your search filter that has some unique value for users in those branches:

    filter="(&(mail=%u)(someotherattribute=uniquevalue))"

If you can't meet the requirement of a unique attribute value for users in those OUs, then the only alternative would be to define two separate handlers per the suggestion made earlier.

M

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

--
Farzan Qureshi | Network Administrator & Help-desk Support | Rosmini College | (09) 487 0 530
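
The two-handler option discussed in this thread, sketched as an added example that is not part of the original messages and is not the CAS project's own configuration. It assumes a CAS 3.x-style Spring `authenticationHandlers` list; the base DN `dc=example,dc=org`, the OU names and the `contextSource` bean name are placeholders.

```xml
<!-- Added example. Placeholder values: dc=example,dc=org, ou=Staff,
     ou=Students, and the bean name "contextSource". -->
<property name="authenticationHandlers">
  <list>
    <!-- Too broad: one handler rooted at the top of the tree. With the
         default subtree scope it finds, and then binds as, a user in any OU.
    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
      <property name="filter" value="(mail=%u)" />
      <property name="searchBase" value="dc=example,dc=org" />
      <property name="contextSource" ref="contextSource" />
    </bean>
    -->

    <!-- Restricted: one handler per permitted OU. A user whose entry sits
         in any other OU is found by neither search, so login fails. -->
    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
      <property name="filter" value="(mail=%u)" />
      <property name="searchBase" value="ou=Staff,dc=example,dc=org" />
      <property name="contextSource" ref="contextSource" />
      <!-- The "scope" property is left at its default (subtree), so nested
           OUs under ou=Staff are still searched. -->
    </bean>

    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
      <property name="filter" value="(mail=%u)" />
      <property name="searchBase" value="ou=Students,dc=example,dc=org" />
      <property name="contextSource" ref="contextSource" />
    </bean>
  </list>
</property>
```

After deploying a change like this, a login attempt with an account from an OU outside Staff and Students should be rejected; that negative test is the one that confirms the restriction.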
