Is the Group-search-base supposed to stop at an OU? I took mine all the way to the CN of the group. If it is supposed to stop at the OU level, then how does Spring identify the right group?
That question drew me to what looks like an obvious problem in your config: group-search-base="CN=CAS ServiceMgmt Access,OU=Groups,OU=Security,…on the way downto the .edu" That is incorrect. You likely want "OU=Groups,OU=Security,...,dc=edu" in there. If you want to search from the branch downward (OU=Security, etc), you need to configure a subtree-scope search. I don't recall offhand how to do that, but it's likely documented in the spring security docs. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
