I recently migrated to CAS 4.0 using LDAP. I didn’t need nor use the sslConfig attribute or bean. As for the search filter, the documentation uses {user} instead of %u. That’s also what I used and it worked.
The only places I deviated from the documentation you linked to (for the LDAP Requiring Authenticated Search section) were:

1) I didn’t use sslConfig
2) I had to set subtreeSearch to true on my org.ldaptive.auth.PooledSearchDnResolver
3) Some of the properties in the xml config don’t match the properties file below (e.g. ${ldap.managerDn} and ${ldap.managerPassword} in the xml, but ${ldap.authn.managerDN} and ${ldap.authn.managerPassword} in the properties file), so I had to verify those were all named the same thing.
4) I had to add an org.ldaptive.auth.SearchEntryResolver to org.ldaptive.auth.Authenticator to handle objectGuid.
5) changed %u to {user} in my search filter.

If we do not have ssl connection for ldap, is the following config necessary:

    <bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
          p:ldapUrl="${ldap.url}"
          p:connectTimeout="${ldap.connectTimeout}"
          p:useStartTLS="${ldap.useStartTLS}"
          p:sslConfig-ref="sslConfig"/>

    <bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
        <property name="credentialConfig">
            <bean class="org.ldaptive.ssl.X509CredentialConfig"
                  p:trustCertificates="${ldap.trustedCert}" />
        </property>
    </bean>

Also our ldap parameters were as follows:

    ldap.userDn=uid=admin,ou=People,o=organization
    ldap.search.filter=uid=%u,ou=People,o=organization
    ldap.host.name=ldap://as1.organization.com:389
    ldap.manager.password=password12345

Do we need any changes in ldap.userDn, ldap.search.filter values for CAS 4.0? If there is any guide/document related to CAS 4.0 with ldap setup, please provide reference url.
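Items 3 and 5 of the reply above can be checked mechanically before deploying. The following is an added example, not code from the thread or from the CAS project: it cross-checks the ${...} placeholders in the Spring XML against the keys in the properties file and flags any filter value that still uses %u. The bean ids, the ldap.authn.searchFilter key and all sample values are constructed for illustration.

```python
import re

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")  # Spring-style ${key} reference

# Constructed samples: key names follow the mismatch described in the thread.
SAMPLE_XML = """
<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="${ldap.url}" p:connectTimeout="${ldap.connectTimeout}"
      p:useStartTLS="${ldap.useStartTLS}"/>
<bean id="connectionInitializer" class="org.ldaptive.BindConnectionInitializer"
      p:bindDn="${ldap.managerDn}">
  <property name="bindCredential">
    <bean class="org.ldaptive.Credential" c:password="${ldap.managerPassword}"/>
  </property>
</bean>
<bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
      p:subtreeSearch="true" p:userFilter="${ldap.authn.searchFilter}"/>
"""
SAMPLE_PROPS = """
# constructed values
ldap.url=ldap://ldap.example.org:389
ldap.connectTimeout=3000
ldap.useStartTLS=false
ldap.authn.managerDN=uid=admin,ou=People,o=organization
ldap.authn.managerPassword=CHANGE_ME
ldap.authn.searchFilter=uid=%u
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")  # a DN value keeps its own '=' signs
        props[key.strip()] = value.strip()
    return props

def check_config(xml_text, props_text):
    """Return (missing, unused, legacy) key lists for an XML/properties pair."""
    props = parse_properties(props_text)
    refs, keys = set(PLACEHOLDER.findall(xml_text)), set(props)
    missing = sorted(refs - keys)   # referenced in XML, never defined
    unused = sorted(keys - refs)    # defined, never referenced (likely misnamed)
    legacy = sorted(k for k, v in props.items() if "%u" in v)  # pre-4.0 token
    return missing, unused, legacy

if __name__ == "__main__":
    for label, found in zip(("missing", "unused", "legacy %u"),
                            check_config(SAMPLE_XML, SAMPLE_PROPS)):
        print(f"{label}: {found}")
```

A key that appears under "missing" with a near-identical name under "unused" is the naming mismatch described in item 3.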