Thanks for your help. I will define two handlers then...
On 2 August 2013 12:31, Misagh Moayyed <[email protected]> wrote: > As Marvin suggests, either your filter needs to define an attribute that > has a unique value for students/staff [so it fails for other branches of > the subtree]…or you should define two handlers. The latter configuration is > probably simpler to configure.**** > > ** ** > > *From:* Farzan Qureshi [mailto:[email protected]] > *Sent:* Thursday, August 1, 2013 2:21 PM > *To:* [email protected] > *Subject:* Re: [cas-user] Multiple search base for LDAP**** > > ** ** > > Hi Marvin,**** > > Thanks for your response. **** > > Let me define my scenario. What I want to achieve is as follows:**** > > I have couple of user OUs. However I only want users in Staff and Students > OUs to be able to log in through CAS Server. I am not sure how to achieve > this because currently as I said earlier CAS is searching complete tree for > a user which in return also authenticates user who is in some different OU, > which I don't want.**** > > Any further ideas? Or shall I go further with defining two handlers?**** > > Kind regards,**** > > Farzan**** > > ** ** > > On 2 August 2013 07:41, Marvin Addison <[email protected]> wrote:** > ** > > > How I can do a subtree searches?**** > > I just reviewed the source and subtree is the default. You can modify > the search scope with the scope property of > BindLdapAuthenticationHandler. Acceptable values are integers defined > in the public constants of > > http://docs.oracle.com/javase/6/docs/api/javax/naming/directory/SearchControls.html > .**** > > > > Yes descendent is same but I want to limit search to only to two user OUs > > that is Staff and Students. Any examples??**** > > There's no way to say "search only these branches of a subtree." You > could produce equivalent results by including an attribute as part of > your search filter that has some unique value for users in those > branches: > > filter="(&(mail=%u)(someotherattribute=uniquevalue))" > > If you can't meet the requirement of a unique attribute value for uses > in those OUs, then the only alternative would be to define two > separate handlers per the suggestion made earlier.**** > > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user**** > > > > > -- > *Farzan Qureshi* | Network Administrator & Help-desk Support | Rosmini > College | (09) 487 0 530 **** > > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager ( > *[email protected]*). Please note that any views or opinions > presented in this email are solely those of the author and do not > necessarily represent those of the company. Finally, the recipient should > check this email and any attachments for the presence of viruses. *Rosmini > College* accepts no liability for any damage caused by any virus > transmitted by this email. **** > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user**** > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- *Farzan Qureshi* | Network Administrator & Help-desk Support | Rosmini College | (09) 487 0 530 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ( [email protected]). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini Collegeaccepts no liability for any damage caused by any virus transmitted by this email. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
