According to http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html, LdapAuthenticationHandler can be configured to authenticate users with any of the following methods:

1. Active Directory – users authenticate with sAMAccountName
2. Authenticated Search – Manager bind/search followed by user simple bind
3. Anonymous Search – Anonymous search followed by user simple bind
4. Direct Bind – Compute user DN from format string and perform simple bind

I would like to use Method 1 (Active Directory authentication using sAMAccountName) if possible without using two-step authentication using a service account to obtain the user DN. Is this possible without having all users in the same LDAP tree?

Methods 3 and 4 are not applicable to us, because our Active Directory LDAP server does not allow an anonymous search, nor does it have all users in the same LDAP branch. Method 2 involves a two-step authentication, the first step via a read-only service account to determine the user DN, followed by the second step during which the user is authenticated. Will Method 1 allow us to trim our authentication process into a single step?
