Has anyone gotten the LDAP authentication to work for services
management? I have tried various iterations of filter strings, but the
spring documentation isn’t quite tailored to the way you have to do it
in the CAS file.

It's really a Spring Security configuration matter more than CAS
specifically. Here's a working configuration we use for another app:

    <ldap-server url="ldaps://authn.directory.vt.edu" />
    <ldap-authentication-provider
        user-search-filter="uupid={0}"
        user-search-base="ou=people,dc=vt,dc=edu"
        group-search-filter="member={0}"
        group-search-base="ou=groups,dc=vt,dc=edu"
        group-role-attribute="uugid"
    />

The member attribute of our directory is like yours; it contains the DN
of members of the group. The uugid attribute is equivalent to group CN;
it's simply the group name. The uupid attribute is the username. I
believe your group search filter is correct, but your user search filter
is incorrect. You're searching by user CN, which if you're using AD
should be more like the following:

    user-search-filter="(sAMAccountName={0})"

The user search filter is used to obtain a DN that is subsequently used
to search for groups by substitution into the group search filter. Most
AD deployments use the sAMAccountName for username, so the above is
probably what you need.
M
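
The two-step lookup described in the reply above, as an added example that is not part of the original thread: a small in-memory stand-in for an AD-style directory showing why a CN-based user filter finds no entry for a login name while sAMAccountName does. The directory entries, the example.org names, and the helper functions are constructed for illustration; the "ROLE_" prefix and upper-casing are assumed to follow Spring Security's defaults.

```python
import re

# Constructed AD-style directory (DN -> attributes); all names are made up.
JANE = "CN=Jane Doe,OU=Users,DC=example,DC=org"
DIRECTORY = {
    JANE: {"cn": ["Jane Doe"], "sAMAccountName": ["jdoe"]},
    "CN=cas-admins,OU=Groups,DC=example,DC=org": {"cn": ["cas-admins"], "member": [JANE]},
    "CN=staff,OU=Groups,DC=example,DC=org": {"cn": ["staff"], "member": [JANE]},
    "CN=ops,OU=Groups,DC=example,DC=org": {"cn": ["ops"], "member": []},
}

def escape(value):
    """Escape a value before it is placed in a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def search(base, template, param):
    """Equality-only search: substitute param for {0}, return matching DNs under base."""
    rendered = template.replace("{0}", escape(param)).strip("()")
    attr, value = rendered.split("=", 1)
    # The directory side decodes the \xx escapes and compares literally.
    value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base.lower())
            and value.lower() in (v.lower() for v in attrs.get(attr, []))]

def authorities(username, user_filter,
                user_base="OU=Users,DC=example,DC=org",
                group_filter="member={0}",
                group_base="OU=Groups,DC=example,DC=org",
                role_attr="cn"):
    """Step 1: username -> user DN. Step 2: user DN -> groups -> role names."""
    user_dns = search(user_base, user_filter, username)
    if len(user_dns) != 1:
        return None  # no unique user entry, so there is no DN to search groups with
    groups = search(group_base, group_filter, user_dns[0])
    # Assumption: default "ROLE_" prefix and upper-casing of the role attribute.
    return sorted("ROLE_" + DIRECTORY[g][role_attr][0].upper() for g in groups)

if __name__ == "__main__":
    print(authorities("jdoe", "(cn={0})"))              # CN holds the full name
    print(authorities("jdoe", "(sAMAccountName={0})"))  # login name attribute
```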