Actually the page is correct. Principal and Attribute resolution are not part of the AuthenticationHandlers specified on that page.
If you're looking up additional privileged information in later steps (i.e. resolving the principal to another id) then yes you may need a privileged user to look up that information. However, Fast Bind does not need that user. -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Thu, Aug 14, 2008 at 8:41 AM, <[EMAIL PROTECTED]> wrote: > > Sandor, > > Be aware that even tho the page Scott mentions says that you don't need > bind credentials if you use the FastBind handler - that's only partly true. > > There are three connections in a full authentication (assuming you use > FastBind. Presumably four if you don't.) : > 1) auth the user's credentials. This one is indeed made without needing a > bind account. > 2) look up the principal (as specified in the > credentialsToPrincipalResolver) > 3) look up the attributes (as specified in the attributeRepository) using > the principal that was found in step 2. > > The second and third connections are made anonymously (does your AD allow > anonymous search?) if you have not provided a bind account. I mention this > because I banged my head against it for quite a while before figuring out > what was going on. > > > Ann > > ------ > G. Ann Campbell > Systems Engineer > Shaw Industries > > > > > *"Scott Battaglia" <[EMAIL PROTECTED]>* > Sent by: [EMAIL PROTECTED] > > 08/14/2008 07:31 AM > Please respond to > Yale CAS mailing list <[email protected]> > > To > "Yale CAS mailing list" <[email protected]> > cc > Subject > Re: CAS LDAP Auth > > > > > This should help:* > **http://www.ja-sig.org/wiki/display/CASUM/LDAP*<http://www.ja-sig.org/wiki/display/CASUM/LDAP> > > (it also shows up as the 8th item in a Google search, which is kind of > low...anyone here a SEO-type person? ;-)) > > > On Thu, Aug 14, 2008 at 5:21 AM, Sandor Nemeth <* > [EMAIL PROTECTED] <[EMAIL PROTECTED]>> wrote: > Hy all, > > I'm pretty new to CAS and I'm looking forward to gather some information > about connection CAS and a MS Active Directory Server. > > I googled for now a couple of hours, but I could not receive any solution > about my problem. How can I ( if I can ) configure an LDAP Server in CAS? Or > if I'm not, where should I configure it? > > I found users in some mailing list archives, but there are links pointing > to 404 pages. I suppose, there was a solution to my problem, but I cannot go > on as I'm not able to find the new location of these pages. > > Regards, > Sandor Nemeth > > _______________________________________________ > Yale CAS mailing list* > [EMAIL PROTECTED] <[email protected]>* > **http://tp.its.yale.edu/mailman/listinfo/cas*<http://tp.its.yale.edu/mailman/listinfo/cas> > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > ********************************************************** > Privileged and/or confidential information may be contained in this message. > If you are not the addressee indicated in this message (or are not > responsible for delivery of this message to that person) , you may not copy > or deliver this message to anyone. In such case, you should destroy this > message and notify the sender by reply e-mail. > If you or your employer do not consent to Internet e-mail for messages of > this kind, please advise the sender. > Shaw Industries does not provide or endorse any opinions, conclusions or > other information in this message that do not relate to the official business > of the company or its subsidiaries. > ********************************************************** > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
