[cas-user] Re: DynamoDB as Service Registry Storage

2018-03-05 Thread Marc Dufour
CAS Release 5.2.3 did not fix the issues I encounter with services in DynamoDB. I would really like to know if people were able to use it!
On Monday, February 26, 2018 at 16:46:31 UTC-5, Marc Dufour wrote:
> Hello all,
>
> We're in the process of migrating our old 3.5.2 CAS setup to a

[cas-user] Re: CAS 5.2 LDAP Quert and Output

2018-02-27 Thread Marc Dufour
You can restrict the users able to authenticate with CAS if you have to, I'm just saying that it may not be the only way. Your reality is different than mine. As for the attributes: they are passed to the application, or in CAS terminology, the service. principalAttributeList contains the

[cas-user] Re: CAS 5.2 LDAP Quert and Output

2018-02-27 Thread Marc Dufour
Atlassian has a nice paper on how to write LDAP filters: https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html and should help you if you want to restrict the users able to authenticate with CAS. The way I see this, CAS should authenticate the user (wide open to

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-27 Thread Marc Dufour
sn is an attribute in the AD schema used to store the last name of the user. I did a quick search in Google and found this info that could help you: http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm

[cas-user] Re: CAS 5.2 LDAP Quert and Output

2018-02-27 Thread Marc Dufour
Kevin,
Have you tried to add more logs? I added this in my log config file to help debug my LDAP problems:
As for the OU membership, maybe you could add that to the user filter.
On Tuesday, February 27, 2018 at 11:11:12 UTC-5, Kevin Liu wrote:
> Hello All,
>
> Is there a way to see

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-27 Thread Marc Dufour
rOf,cn? Rather what is the > principalAttributeList? > For your bindDN and bindCredentials, are you using an authenticating admin > account or the user who's trying to get in? > > On Tuesday, February 27, 2018 at 7:54:08 AM UTC-6, Marc Dufour wrote: >> >>

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-27 Thread Marc Dufour
Kevin, here are the properties that are working for me.
cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=AD
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://servername:3269
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].connectTimeout=5000

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-26 Thread Marc Dufour
Since my DN is not fixed as I authenticate users at the Forest level, I could not use AD and used AUTHENTICATED instead, and used cas.authn.ldap[0].userFilter=(userPrincipalName={user}) as filter, with subtreeSearch set to true, and was able to authenticate on two different domains (but this

[cas-user] DynamoDB as Service Registry Storage

2018-02-26 Thread Marc Dufour
Hello all, We're in the process of migrating our old 3.5.2 CAS setup to a more recent version (5.2.2) and I'm testing different storage solutions for the service registry. So far, I was not able to use DynamoDB, and was wondering if anyone had success with it. I'm guessing that it should