Here is an example ldap.txt. I use this to check to see if they are authorized to use ezproxy. You can contact me directly if you have any follow up questions.
ezproxy-l listserv is a good information source http://ls.suny.edu/read/?forum=ezproxy

ldap.txt

::LDAP
Debug
IgnorePassword
BindUser uid=binduser,cn=users,dc=domain,dc=edu
BindPassword -Obscure xyzzy
URL ldaps://ldap.domain.edu/cn=users,dc=domain,dc=edu?uid?sub?(objectClass=person)
IfUnauthenticated; Stop
Group Default
IfTest eduPersonPrimaryAffiliation Faculty; Stop
IfTest eduPersonPrimaryAffiliation Student; Stop
IfTest eduPersonPrimaryAffiliation Staff; Stop
Deny
/LDAP

Thanks,
Tom

On Wed, Feb 11, 2015 at 12:32 PM, Chris Adams <[email protected]> wrote:

> Thank you. I don’t quite understand the following line:
>
> Set login:user= auth:cas:user
>
> From my reading, it is needed when there are multiple authentication
> methods used.
>
> My CAS server is utilizing an external MySQL db for authentication, which
> Ezproxy uses now, without CAS as the front end authentication.
>
> Also, what do you mean by ‘affiliation checks’?
>
> *From:* Tom Mendenhall [mailto:[email protected]]
> *Sent:* Wednesday, February 11, 2015 9:19 AM
> *To:* [email protected]
> *Subject:* Re: [cas-user] CAS and EZproxy
>
> Here is the CAS part of my user.txt. It works without double
> authentication.
>
> ::CAS
> Debug
> LoginURL https://cas.domain.edu/cas/login
> ServiceValidateURL https://cas.domain.edu/cas/serviceValidate
> IfUnauthenticated; Stop
> Set login:user= auth:cas:user
> Set UserFile("ldap.txt")
> /CAS
>
> ldap.txt has my affiliation checks.
>
> On Wed, Feb 11, 2015 at 8:54 AM, Chris Adams <[email protected]>
> wrote:
>
> Thank you. Actually, I don’t add the CAS server prefix when actually
> testing CAS. That was a bad example.
>
> However, I do get the same result when I configure Ezproxy to use CAS,
> which uses a URL like you mentioned in your example.
>
> *From:* Tom Mendenhall [mailto:[email protected]]
> *Sent:* Wednesday, February 11, 2015 8:43 AM
> *To:* [email protected]
> *Subject:* Re: [cas-user] CAS and EZproxy
>
> You don't need to add the CAS server prefix. Ezproxy will redirect
> automatically to CAS for authentication.
>
> Try
>
> http://myezproxy.server.com/login?url=http://myresource.com
>
> or
>
> https://myezproxy.server.com/login?url=http://myresource.com
>
> Tom
>
> On Wed, Feb 11, 2015 at 8:30 AM, Chris Adams <[email protected]>
> wrote:
>
> Hello all,
>
> I have read documentation for using CAS with Ezproxy and it seems to agree
> with some postings on this list. However, I am missing something and
> thought someone here might want to weigh in.
>
> I have the Ezproxy server registered as a service with CAS.
>
> The Ezproxy URL format I am using (and successfully using login directly
> through Ezproxy) is something like:
>
> http://myezproxy.server.com/login?url=http://myresource.com
>
> According to the Ezproxy documentation for a CAS implementation:
>
> Configuration
>
> To enable Central Authentication Service (CAS) <http://www.jasig.org/cas>,
> edit user.txt/ezproxy.usr and add lines similar to:
>
> ::CAS
> LoginURL http://www.yourlib.org/cas/login
> ServiceValidateURL http://www.yourlib.org/cas/serviceValidate
> /CAS
>
> By default, the use of CAS disables EZproxy's normal login methods,
> including the presentation of the login menu.
>
> My constructed URL looks something like this:
>
> https://mycas.server.com/cas/login?service=http://myezproxy.server.com/login?url=http://myresource.com
>
> After doing this, I restart Ezproxy. When I try to access one of the URLs,
> it takes me to the CAS login page, I log in, and it takes me to the Ezproxy
> login page. I’m not sure why it is not just taking me to the resource, as I
> thought this is supposed to disable the normal Ezproxy login method. I
> tried commenting out the configured login method for Ezproxy, but still it
> presents the login page.
>
> If this is more of an Ezproxy question, I can follow up on that.
>
> Many thanks,
> Christopher Adams

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
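
Added example, not part of the original thread and not EZproxy's or CAS's own code: the CAS 2.0 exchange that the LoginURL and ServiceValidateURL directives quoted above point at, showing why the service URL travels as one percent-encoded value instead of being appended by hand. The service URL, the ticket and the two XML replies are constructed samples, and the helper names are hypothetical.

```python
# Added example (not from the thread): the CAS 2.0 exchange behind the
# LoginURL and ServiceValidateURL directives in the ::CAS block.
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

LOGIN_URL = "https://cas.domain.edu/cas/login"               # from the thread
VALIDATE_URL = "https://cas.domain.edu/cas/serviceValidate"  # from the thread
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}               # CAS 2.0 XML namespace


def login_redirect(service):
    """Browser redirect to CAS; the whole service URL is one encoded value."""
    return LOGIN_URL + "?" + urlencode({"service": service})


def validate_url(service, ticket):
    """Back-channel request the proxy makes with the ticket CAS handed back."""
    return VALIDATE_URL + "?" + urlencode({"service": service, "ticket": ticket})


def service_seen_by_cas(url):
    """What a CAS server would read as the service parameter of a login URL."""
    return parse_qs(urlsplit(url).query)["service"][0]


def parse_validation(xml_text):
    """Username on authenticationSuccess, None on authenticationFailure."""
    user = ET.fromstring(xml_text).find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None


# Constructed sample values (assumptions, not taken from the thread).
SERVICE = "http://myezproxy.server.com/login?url=http://myresource.com/find?q=a&db=b"
TICKET = "ST-1-constructedexample"
OK = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
      "<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
      "</cas:authenticationSuccess></cas:serviceResponse>")
FAIL = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
        '<cas:authenticationFailure code="INVALID_TICKET">not recognized'
        "</cas:authenticationFailure></cas:serviceResponse>")

if __name__ == "__main__":
    print(login_redirect(SERVICE))
    print(service_seen_by_cas(login_redirect(SERVICE)) == SERVICE)  # encoded: intact
    print(service_seen_by_cas(LOGIN_URL + "?service=" + SERVICE))   # hand-built: cut at &
    print(validate_url(SERVICE, TICKET))
    print(parse_validation(OK), parse_validation(FAIL))
```

The service value sent to serviceValidate has to match the one used at login, which is why both helpers encode the same string.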
