Hi Chris, You can create a secondary LDAP source or use AD¹s Global Catalog port/config. Using the Global Catalog you don¹t have to worry about referrals. The down side is that not all attributes are in the GC, so if you want those that aren¹t, the AD admin would have to flag them for inclusion.
-- John Gasper IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef From: Chris Irwin <[email protected]> Reply-To: <[email protected]> Date: Friday, August 7, 2015 at 6:22 AM To: <[email protected]> Subject: [cas-user] CAS 4.0.3 authentication with a child domain I have CAS 4.0.3 configured to authenticate to Active Directory. After some pain I got this up and working with accounts in the root domain. I also have accounts in a child domain that I would like to authenticate. Could anyone point me in the right direction here? Can I set up a secondary LDAP source? Should I get an LDAP referral? If so, can CAS follow it? Chris -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
