Ann,

If you cannot convince your company to create an account strictly for authentication credentials from CAS, you will probably have to roll your own solution for the moment. The only LDAP authentication handlers currently available are FastBind and Bind, which work anonymously or use a configured username / password.
Sorry =(

A-

On 7/30/08 7:36 AM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:

> Hi,
>
> New to the list. I've scanned the archives & not really seen this topic covered, but forgive me if it's old ground.
>
> I'm trying to set CAS up to hit an Active Directory server via LDAP.
>
> Started at the LDAP page in the manual (http://www.ja-sig.org/wiki/display/CASUM/LDAP) and figured the FastBind auth handler was exactly what I needed - instead of a role account, you hit the directory with the user's own credentials.
>
> And as far as it goes, that part works perfectly. But I see in my Wireshark logs that CAS is authenticating with the user's credentials, then UNbinding. Then trying to bind anonymously for the principal lookup. Unfortunately anonymous search is disallowed on this directory. As are (by policy) role accounts. End result: "your credentials aren't authentic."
>
> So... Is there a way to make the out-of-the-box pieces re-use the user's credentials for the second bind attempt? A way to make it all happen with the first bind? Am I muffing the configuration? Or will I need to roll my own solution?
>
> Many Thanks,
> Ann
>
> ------
> G. Ann Campbell
> Systems Engineer
> Shaw Industries
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas

--
Andrew R. Feller, Analyst
Information Technology Services
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
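A sketch of the single-bind approach asked about in this thread, added here as an example; it is not from either poster and is not CAS's own handler code. It uses plain JNDI, and the host, base DN, UPN suffix, class and method names are placeholders. It also assumes the login name is both the `sAMAccountName` and the prefix of the user's `userPrincipalName`, and that authenticated users are allowed to search the chosen OU.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class SingleBindLookup {
    // Placeholder values (assumptions); substitute your directory's own.
    static final String URL = "ldaps://ad.example.org:636";
    static final String BASE_DN = "ou=People,dc=example,dc=org";
    static final String UPN_SUFFIX = "@example.org";

    /** Returns the user's DN when the bind succeeds and exactly one entry matches, else null. */
    static String authenticateAndResolve(String user, String password) throws NamingException {
        // Allowlist the login name, and reject empty passwords: a simple bind
        // with an empty password is an unauthenticated bind that can "succeed".
        if (user == null || !user.matches("[A-Za-z0-9._-]{1,64}")) return null;
        if (password == null || password.isEmpty()) return null;

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + UPN_SUFFIX);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx;
        try {
            ctx = new InitialDirContext(env);      // bind as the user
        } catch (AuthenticationException e) {
            return null;                           // bad credentials
        }
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]);   // DN only
            // Search on the SAME bound context; JNDI escapes the {0} argument.
            NamingEnumeration<SearchResult> hits =
                ctx.search(BASE_DN, "(sAMAccountName={0})", new Object[] { user }, sc);
            String dn = hits.hasMore() ? hits.next().getNameInNamespace() : null;
            if (dn != null && hits.hasMore()) dn = null;   // ambiguous match: fail closed
            hits.close();
            return dn;
        } finally {
            ctx.close();                           // unbind only after the lookup
        }
    }
}
```

Directory errors other than a failed bind are left to propagate as `NamingException`, so an outage is not reported to the caller as bad credentials.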
