I'm currently using a JNDIRealm to supply authentication and group
membership to a servlet (Orbeon Forms http://www.orbeon.com/). Here's my
current config:
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://server1.example.com:636"
       alternateURL="ldaps://server2.example.com:636"
       connectionName="cn=binduser,o=myorg"
       connectionPassword="password"
       userSearch="(&amp;(objectClass=User)(employeeNumber=*)(cn={0}))"
       userBase="o=myorg"
       userSubtree="true"
       roleName="cn"
       roleSearch="(&amp;(objectClass=groupOfNames)(member={0}))"
       roleBase="o=myorg"
       roleSubtree="true"
       commonRole="authenticated-user"
/>
There are two features I miss when switching to using an AssertionCasRealm.
1. The commonRole property allows me to easily assign a role to all
authenticated users.
2. While I can't find any mention of this in the JNDIRealm
documentation, roleName="cn" causes the CN attribute to be extracted
from the group and used as the role name rather than the DN. This is useful
to me because Orbeon Forms doesn't currently allow commas in role names.
My AssertionCasRealm configuration is simply:
<Realm className="org.jasig.cas.client.tomcat.v7.AssertionCasRealm"
       roleAttributeName="groupMembership"
/>
Are there any changes I can make to my AssertionCasRealm configuration to
accomplish the same results as I was getting with JNDIRealm?
Aaron Spike
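
The role mapping described in the message above (leading CN of each group DN used as the role name, plus one common role for every authenticated user), as an added example that is not part of the original post and not code from Tomcat or the CAS client. The class and method names and the sample DNs are hypothetical; DN parsing uses the JDK's javax.naming.ldap.LdapName.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class GroupDnRoleMapper {

    // Hypothetical helper: turns group DNs (e.g. values of a groupMembership
    // attribute) into comma-free role names and appends the common role.
    static Set<String> toRoles(List<String> groupDns, String commonRole) {
        Set<String> roles = new LinkedHashSet<>();
        for (String dn : groupDns) {
            try {
                LdapName name = new LdapName(dn);
                if (name.isEmpty()) {
                    continue;
                }
                // LdapName numbers RDNs right to left, so the last index
                // is the leading (left-most) RDN of the DN.
                Rdn leaf = name.getRdn(name.size() - 1);
                if (!"cn".equalsIgnoreCase(leaf.getType())) {
                    continue; // group is not named by CN: grant nothing
                }
                String cn = String.valueOf(leaf.getValue()); // unescaped value
                if (cn.indexOf(',') >= 0) {
                    continue; // an escaped comma in the CN would still reach the application
                }
                roles.add(cn);
            } catch (InvalidNameException e) {
                // Malformed DN: fail closed and grant no role for this value.
            }
        }
        if (commonRole != null && !commonRole.isEmpty()) {
            roles.add(commonRole); // every authenticated user gets this role
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real directory.
        List<String> groups = List.of(
                "cn=form-admins,ou=groups,o=myorg",
                "cn=Staff\\, Full Time,ou=groups,o=myorg",
                "not a dn");
        System.out.println(toRoles(groups, "authenticated-user"));
    }
}
```

Because only the leading CN is kept, two groups with the same CN in different containers under a subtree search base map to the same role name.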