Hi! I've configured CredentialsToLDAPAttributePrincipalResolver as described on http://www.ja-sig.org/wiki/display/CASUM/Attributes and up to now it works for username/password login (map credential name samAccountName to value of attribute 'employeeNumber' as principal name).
During setup I noticed that it does not work if LDAPv3 referrals are also received (typically when using the AD domain's DN as search root). I had to configure it to search below cn=Users,<domain-DN> where no referrals are returned. The problem is that it might be impossible to avoid the referrals if a more complex OU structure is present directly under domain-DN. So CAS should simply ignore the referrals/search continuations returned, just validating the search result entry returned. Should I file this as a bug/enhancement in the issue tracker?

Ciao, Michael.
