Hi Scott,

Scott Battaglia wrote:
> Thomas,
>
> Will the user show up in more than one search base?

Two users stored in different search bases could have the same uid. So if by 'user' you mean its ldap 'uid', then unfortunately yes, he might show up in more than one search base. So my concern is focused on targeting the proper searchBase when having the user's credentials (login+password), which are not always unique + 'something else' to make it unique (could be a url param, or an extra attribute of services registered on the CAS server).

> If the answer is yes, then you probably will need to write some custom
> code, or to extend the LDAP authentication handlers (there is a way to
> override just one method that returns what to search for).

Ok, I guess I'll have to explore that way, and implement this 'something else' mentioned above, that I'm lacking.

Thanks for your answer!
Thomas

> If the answer is no, you could add multiple LDAP handlers to the list
> with the appropriate search base.
>
> -Scott
>
> On Sat, Apr 26, 2008 at 9:15 AM, Thomas Belliard <[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
> Hi,
> I'm trying to set up CAS 3.2.1 so that it tries to authenticate users on
> different LDAP searchBase values (on the same server) based on the
> requesting service, using an extra url parameter. I would end up with
> something like this in the deployerConfigContext.xml :
>
> <bean
>     class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
>   <property name="filter" value="uid=%u" />
>   <property name="searchBase"
>       value="ou=people,dc=%extra_url_param,dc=domain,dc=tld" />
>   <property name="contextSource" ref="contextSource" />
> </bean>
>
> Any idea whether this can be done just by playing around in the config
> files, without actually hacking any code?
>
> The alternative would be to run multiple instances of CAS on the same
> server (each with their own proper searchBase), which might in fact be a
> better scheme, from a security point of view...
>
> Thanks,
> Thomas
>
> _______________________________________________
> Yale CAS mailing list
> [email protected] <mailto:[email protected]>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
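
An added example, not part of the thread and not CAS code: one way to choose the searchBase per requesting service without substituting a raw URL parameter into the DN, and to escape the login before it goes into the `uid=%u` filter. The class name, the host-to-dc table and the sample values are assumptions made for the illustration; only JDK classes are used.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper, not a CAS class: picks the LDAP search base for a requesting service.
public class SearchBaseResolver {
    // Constructed sample table: registered service host -> value of the variable dc component.
    private static final Map<String, String> DC_BY_SERVICE_HOST = Map.of(
            "app1.domain.tld", "alpha",
            "app2.domain.tld", "beta");

    // The search base comes from the table, never from the raw URL parameter.
    static LdapName searchBaseFor(String serviceUrl) throws InvalidNameException {
        String host = URI.create(serviceUrl).getHost();
        String dc = host == null ? null : DC_BY_SERVICE_HOST.get(host.toLowerCase(Locale.ROOT));
        if (dc == null) {
            throw new IllegalArgumentException("no search base registered for this service");
        }
        // escapeValue keeps a table entry containing ',' or '=' inside a single RDN.
        return new LdapName("ou=people,dc=" + Rdn.escapeValue(dc) + ",dc=domain,dc=tld");
    }

    // RFC 4515 escaping for the value substituted into the "uid=%u" filter.
    static String filterFor(String uid) {
        StringBuilder sb = new StringBuilder("uid=");
        for (char c : uid.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        System.out.println(searchBaseFor("https://app1.domain.tld/portal")); // registered service
        System.out.println(filterFor("j(doe)*"));                            // constructed login
        try {
            searchBaseFor("https://unknown.example/"); // unregistered service is refused
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because two search bases can hold the same uid, the resolved base has to be fixed before the bind is attempted, so a login is only ever checked against the directory subtree registered for the requesting service.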
