Hello list,
I am trying to implement LDAP authentication for Services management in
CAS 3.5.2.1 instead of the simple "user-service". I have used, and modified
accordingly, the configuration mentioned here:
https://wiki.jasig.org/display/CASUM/Configuring#Configuring-Ldap-servermanagedlistofusers
What is the behavior:
- CAS successfully bound to "manager-dn"
- CAS successfully performed LDAP search in "user-search-base" for user
"uid=michal.bruncko"
- CAS successfully searched for group within "group-search-base" with
filter "(&(cn=CAS Admins)(uniquemember={0}))" where {0} is DN of
"uid=michal.bruncko" object
- LDAP successfully returned "group-role-attribute"
... but the problem is that I am still getting "Access Denied" even though
all the steps above completed fine. But maybe I am still missing the
glue for "group-role-attribute". Does this "group-role-attribute" mean
that this attribute (in my case "cn") must contain some specific name in
order to get authorized to CAS Service Management? Should the LDAP
group be named "ADMIN" or "ROLE_ADMIN"? Where can I define which LDAP
group is the right one for allowing access to the Service management GUI?
thanks!
michal