[EMAIL PROTECTED] wrote: > > If you have user-provided credentials that authenticate against a > directory, why _wouldn't_ you use them for principal lookup and > attribute retrieval?
Because there might be tight access control configured at the directory server which does not allow the end-user who logs in to search all user entries. So searching for user entries should be done with a special service user account for CAS. This is also helpful when looking at the directory server's logs. Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
