That's what I was starting to think. I've configured other products using the search base that went all the way to the CN, but if I do stop at Security, or Groups where do I tell it what the group name is?
Geoff -----Original Message----- From: Marvin S. Addison [mailto:[email protected]] Sent: Friday, October 11, 2013 12:43 PM To: [email protected] Subject: Re: [cas-user] Services Management -LDAP Auth > Is the Group-search-base supposed to stop at an OU? I took mine all > the way to the CN of the group. If it is supposed to stop at the OU > level, then how does Spring identify the right group? That question drew me to what looks like an obvious problem in your config: group-search-base="CN=CAS ServiceMgmt Access,OU=Groups,OU=Security,...on the way downto the .edu" That is incorrect. You likely want "OU=Groups,OU=Security,...,dc=edu" in there. If you want to search from the branch downward (OU=Security, etc), you need to configure a subtree-scope search. I don't recall offhand how to do that, but it's likely documented in the spring security docs. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
