To use the GC, yes, you generally just need to change the port to start testing. You may need to adjust your search base if the current doesn¹t line up properly.
As for a second LdapAuthenticationHandler, I don¹t have any specific docs (other than might was be in the Github docs, but yes, add a second element. -- John Gasper IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef From: Chris Irwin <[email protected]> Reply-To: <[email protected]> Date: Friday, August 7, 2015 at 1:51 PM To: <[email protected]> Subject: RE: [cas-user] CAS 4.0.3 authentication with a child domain John, I appreciate the response. I¹m pretty new to this, any chance you could point me to a doc on how to set either option up? I assume that we add an element in the LdapAuthenticationHandler to enable a 2nd source? Using the GC may be enough, do I just need to change the port I¹m using to 3268? Chris From: John Gasper [mailto:[email protected]] Sent: Friday, August 7, 2015 12:54 PM To: [email protected] Subject: Re: [cas-user] CAS 4.0.3 authentication with a child domain Hi Chris, You can create a secondary LDAP source or use AD¹s Global Catalog port/config. Using the Global Catalog you don¹t have to worry about referrals. The down side is that not all attributes are in the GC, so if you want those that aren¹t, the AD admin would have to flag them for inclusion. -- John Gasper IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef From: Chris Irwin <[email protected]> Reply-To: <[email protected]> Date: Friday, August 7, 2015 at 6:22 AM To: <[email protected]> Subject: [cas-user] CAS 4.0.3 authentication with a child domain I have CAS 4.0.3 configured to authenticate to Active Directory. After some pain I got this up and working with accounts in the root domain. I also have accounts in a child domain that I would like to authenticate. Could anyone point me in the right direction here? Can I set up a secondary LDAP source? Should I get an LDAP referral? If so, can CAS follow it? Chris -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
