Has anyone gotten the LDAP authentication to work for services management? I
have tried various iterations of filter strings, but the Spring documentation
isn't quite tailored to the way you have to do it in the CAS file.

<sec:ldap-server id="ldapServer"
    url="ldaps://unfcsd.unf.edu:636/"
    manager-dn="CN=CAS Service Account... and on down to .edu"
    manager-password="ReallyAwesomePassword " />

<sec:ldap-user-service id="userDetailsService"
    server-ref="ldapServer"
    group-search-base="CN=CAS ServiceMgmt Access,OU=Groups,OU=Security,...on the way down to the .edu"
    group-role-attribute="cn"
    group-search-filter="((&(objectclass=group)(member={0})))"
    user-search-base="OU=Users,... and on down to edu"
    user-search-filter="(cn={0})"/>

I believe that the LDAP binding works fine, as I get authenticated and my
service ticket is created. I'm getting access denied when I try to view the
page.

So, I've been focusing on the group-search-base/filter. The CAS docs say to
use uniquemember={0}. However, my LDAP servers are actually AD servers and
I don't see a 'uniquemember' attribute. I do see a 'member' attribute, but it
contains the full DN of each user. I think this is why member={0} doesn't work.

I also tried:

group-search-filter="((&(objectclass=group)(member={0})))"

But this throws an exception due to the ampersand (&).

As for the user-search-filter, our directory stores the username in CN, so I
think that's correct.

Can anyone else share how they got this to work?

Geoff
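
An added example, not part of the original post and not CAS or Spring code: it parses a constructed fragment of the configuration above to show why a raw & in the group-search-filter attribute stops the file from loading while &amp; yields the intended LDAP filter, then expands {0} the way Spring Security's group search does, with the user's full DN. The DN, the helper names and the single pair of enclosing parentheses around the filter are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"

def fragment(filter_attr):
    """Build a constructed config fragment around one group-search-filter value."""
    return ('<beans xmlns:sec="' + SEC_NS + '">'
            '<sec:ldap-user-service id="userDetailsService" '
            'group-search-filter="' + filter_attr + '"/></beans>')

# Same filter twice: raw '&' as typed, and with the XML entity '&amp;'.
RAW = fragment("(&(objectclass=group)(member={0}))")
ESCAPED = fragment("(&amp;(objectclass=group)(member={0}))")

def read_group_filter(xml_text):
    """Return the decoded filter, or None when the XML is not well-formed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    return root.find("{%s}ldap-user-service" % SEC_NS).get("group-search-filter")

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(filter_template, user_dn):
    """Substitute the user's DN for {0}, as the group search does."""
    return filter_template.replace("{0}", escape_filter_value(user_dn))

# Constructed DN; parentheses in the CN show why the value must be escaped.
SAMPLE_DN = "CN=jdoe (admin),OU=Users,DC=example,DC=edu"

if __name__ == "__main__":
    print("raw '&':", read_group_filter(RAW))
    decoded = read_group_filter(ESCAPED)
    print("'&amp;':", decoded)
    print("sent to the directory:", expand(decoded, SAMPLE_DN))
```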