John, I appreciate the response. I'm pretty new to this, any chance you could point me to a doc on how to set either option up? I assume that we add an element in the LdapAuthenticationHandler to enable a 2nd source? Using the GC may be enough, do I just need to change the port I'm using to 3268?
Chris From: John Gasper [mailto:[email protected]] Sent: Friday, August 7, 2015 12:54 PM To: [email protected] Subject: Re: [cas-user] CAS 4.0.3 authentication with a child domain Hi Chris, You can create a secondary LDAP source or use AD's Global Catalog port/config. Using the Global Catalog you don't have to worry about referrals. The down side is that not all attributes are in the GC, so if you want those that aren't, the AD admin would have to flag them for inclusion. -- John Gasper IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef From: Chris Irwin <[email protected]<mailto:[email protected]>> Reply-To: <[email protected]<mailto:[email protected]>> Date: Friday, August 7, 2015 at 6:22 AM To: <[email protected]<mailto:[email protected]>> Subject: [cas-user] CAS 4.0.3 authentication with a child domain I have CAS 4.0.3 configured to authenticate to Active Directory. After some pain I got this up and working with accounts in the root domain. I also have accounts in a child domain that I would like to authenticate. Could anyone point me in the right direction here? Can I set up a secondary LDAP source? Should I get an LDAP referral? If so, can CAS follow it? Chris -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
