Hi, New to the list. I've scanned the archives & not really seen this topic covered, but forgive me if it's old ground.
I'm trying to set CAS up to hit an Active Directory server via LDAP. Started at the LDAP page in the manual (http://www.ja-sig.org/wiki/display/CASUM/LDAP) and figured the FastBind auth handler was exactly what I needed - instead of a role account, you hit the directory with the user's own credentials. And as far as it goes, that part works perfectly.

But I see in my Wireshark logs that CAS is authenticating with the user's credentials, then UNbinding. Then trying to bind anonymously for the principal lookup. Unfortunately anonymous search is disallowed on this directory. As are (by policy) role accounts. End result: "your credentials aren't authentic."

So... Is there a way to make the out-of-the-box pieces re-use the user's credentials for the second bind attempt? A way to make it all happen with the first bind? Am I muffing the configuration? Or will I need to roll my own solution?

Many Thanks,
Ann

------
G. Ann Campbell
Systems Engineer
Shaw Industries
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
