I recently migrated to CAS 4.0 using LDAP. I didn’t need or use the sslConfig 
attribute or bean. As for the search filter, the documentation uses {user} 
instead of %u. That’s also what I used and it worked.

The only places I deviated from the documentation you linked to (for the LDAP 
Requiring Authenticated Search section) were:

1) I didn’t use sslConfig

2) I had to set subtreeSearch to true on my 
org.ldaptive.auth.PooledSearchDnResolver

3) Some of the properties in the xml config don’t match the properties file 
below (e.g. ${ldap.managerDn} and ${ldap.managerPassword} in the xml, but 
${ldap.authn.managerDN} and ${ldap.authn.managerPassword} in the properties 
file), so I had to verify those were all named the same thing.

4) I had to add an org.ldaptive.auth.SearchEntryResolver to 
org.ldaptive.auth.Authenticator to handle objectGuid.

5) Changed %u to {user} in my search filter.

If we do not have an SSL connection for LDAP, is the following config necessary?


<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="${ldap.url}"
      p:connectTimeout="${ldap.connectTimeout}"
      p:useStartTLS="${ldap.useStartTLS}"
      p:sslConfig-ref="sslConfig"/>

<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.X509CredentialConfig"
              p:trustCertificates="${ldap.trustedCert}" />
    </property>
</bean>

Also, our LDAP parameters were as follows:

ldap.userDn=uid=admin,ou=People,o=organization
ldap.search.filter=uid=%u,ou=People,o=organization
ldap.host.name=ldap://as1.organization.com:389
ldap.manager.password=password12345

Do we need any changes in ldap.userDn, ldap.search.filter values for CAS 4.0?



If there is any guide/document related to CAS 4.0 with ldap setup, please 
provide reference url.

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
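
A check for items 3 and 5 of the reply, plus the unencrypted-bind case the question raises, as an added example that is not part of the original thread or of CAS: it compares `${...}` placeholders in a Spring XML fragment against a properties file. The sample XML, the property values, the host name and the `ldap.authn.searchFilter` key are constructed for illustration.

```python
import re

# Constructed sample: a Spring XML fragment and a properties file whose key
# names drifted apart, as in item 3 of the reply. Host and values are made up.
SAMPLE_XML = """
<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="${ldap.url}"
      p:useStartTLS="${ldap.useStartTLS}"/>
<bean class="org.ldaptive.BindConnectionInitializer"
      p:bindDn="${ldap.managerDn}">
  <property name="bindCredential">
    <bean class="org.ldaptive.Credential" c:password="${ldap.managerPassword}"/>
  </property>
</bean>
"""
SAMPLE_PROPS = """
ldap.url=ldap://ldap.example.org:389
ldap.useStartTLS=false
ldap.authn.managerDN=uid=admin,ou=People,o=organization
ldap.authn.managerPassword=CHANGE_ME
ldap.authn.searchFilter=uid=%u
"""

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

def parse_properties(text):
    """Parse simple key=value lines (no continuations or ':' separators)."""
    pairs = (l.strip().partition("=") for l in text.splitlines()
             if l.strip() and l.strip()[0] not in "#!")
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def audit(xml_text, props_text):
    """Return (issue, name) pairs for the migration problems in the thread."""
    props = parse_properties(props_text)
    findings = [("unresolved-placeholder", name)
                for name in sorted(set(PLACEHOLDER.findall(xml_text)))
                if name not in props]
    # CAS 3.x-style %u token; the reply used {user} instead.
    findings += [("legacy-filter-token", k) for k, v in props.items() if "%u" in v]
    # ldap:// without StartTLS sends the manager bind password unencrypted.
    url = props.get("ldap.url", "")
    if url.startswith("ldap://") and props.get("ldap.useStartTLS", "").lower() != "true":
        findings.append(("cleartext-bind", "ldap.url"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_XML, SAMPLE_PROPS), sep="\n")
```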
