CAS3 is structured to separate authentication from populating user attributes.
Your authentication should rely on an LDAPAuthenticationHandler plugged into AD (see http://www.ja-sig.org/wiki/display/CASUM/LDAP ) and populating the principal should rely on CredentialsToLDAPAttributePrincipalResolver plugged into your OpenLDAP (see http://www.ja-sig.org/wiki/display/CASUM/Attributes ).

Romain

Kevin Foote wrote:
> Hi all
> I'm interested in finding out if CAS3 is able to meld separate ldap
> directories together upon one successful authentication.
>
> Here is my basis of needing this. We use MSAD for our authn functions.
> This ldap directory contains very little attribute data about a given
> EID. (NO first, last, email, etc etc) However we do store group info
> in the MemberOf field which I would need to parse out to get a user
> type.
> Our second ldap (openldap) stores all the user attributes for a given
> user first, last, email, address, phone etc etc. .. NO group
> membership, NO authn capabilities.
>
> I believe shibboleth can do something like this .. joining of
> separate directories. I'm wondering if CAS3 can do this alone at its
> present state.
>
> From the user perspective the authn would happen and then all their
> current attributes would be populated behind the scenes using both of
> the ldap directories.
>
> Is this doable??

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
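
The split described in the reply above, sketched as a `deployerConfigContext.xml` fragment. This is an added example, not part of the original thread and not taken from the CAS documentation: password checking is bound to AD, while principal and attribute lookup use a separate read-only account on OpenLDAP, both over LDAPS. Assumptions: bean class and property names are the CAS 3.x LDAP support module and Person Directory names as best known and vary between releases, so check them against the version deployed; every hostname, DN and password is a constructed placeholder; and the AD login name is taken to equal the OpenLDAP `uid`.

```xml
<!-- Constructed sketch for deployerConfigContext.xml; hosts, DNs and passwords are placeholders. -->

<!-- Active Directory: used only to verify the password. -->
<bean id="adContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="urls"><list><value>ldaps://ad.example.edu</value></list></property>
  <property name="userDn" value="CN=cas-bind,OU=Service,DC=example,DC=edu"/>
  <property name="password" value="CHANGE_ME"/>
</bean>

<!-- OpenLDAP: read-only account, used only for lookups after authentication. -->
<bean id="openLdapContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="urls"><list><value>ldaps://ldap.example.edu</value></list></property>
  <property name="userDn" value="cn=cas-reader,ou=service,dc=example,dc=edu"/>
  <property name="password" value="CHANGE_ME"/>
</bean>

<!-- Goes in the authenticationManager's "authenticationHandlers" list. -->
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <property name="filter" value="sAMAccountName=%u"/>
  <property name="searchBase" value="OU=People,DC=example,DC=edu"/>
  <property name="contextSource" ref="adContextSource"/>
  <property name="ignorePartialResultException" value="true"/>
</bean>

<!-- Goes in the "credentialsToPrincipalResolvers" list. -->
<bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
  <property name="credentialsToPrincipalResolver">
    <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"/>
  </property>
  <property name="filter" value="(uid=%u)"/>
  <property name="principalAttributeName" value="uid"/>
  <property name="searchBase" value="ou=people,dc=example,dc=edu"/>
  <property name="contextSource" ref="openLdapContextSource"/>
  <property name="attributeRepository" ref="attributeRepository"/>
</bean>

<!-- Attribute source: the same OpenLDAP directory (older Person Directory property names assumed). -->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
  <property name="baseDN" value="ou=people,dc=example,dc=edu"/>
  <property name="query" value="(uid={0})"/>
  <property name="contextSource" ref="openLdapContextSource"/>
  <property name="ldapAttributesToPortalAttributes">
    <map>
      <entry key="givenName" value="givenName"/>
      <entry key="sn" value="sn"/>
      <entry key="mail" value="mail"/>
    </map>
  </property>
</bean>
```

Keeping two context sources means the OpenLDAP account never needs bind rights for end users and the AD account never needs read access to personal attributes.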
