RE:[cas-user] MOD_AUTH_CAS ,REMOTE_USER length limit

Thu, 05 Nov 2015 11:34:31 -0800 

I think I got the issue why it happens. We use Active Directory Authentication 
though ldaptive. The principlaIdAttribute is based on sAMAccountName which has 
20 character limits.

http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html#active-directory-authentication

<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="sAMAccountName"
      c:authenticator-ref="authenticator">
    <property name="principalAttributeMap">
        <map>
            <!--
               | This map provides a simple attribute resolution mechanism.
               | Keys are LDAP attribute names, values are CAS attribute names.
               | Use this facility instead of a PrincipalResolver if LDAP is
               | the only attribute source.
               -->
            <entry key="displayName" value="displayName" />
            <entry key="mail" value="mail" />
            <entry key="memberOf" value="memberOf" />
        </map>
    </property>
</bean>


https://msdn.microsoft.com/en-us/library/ms679635%28v=vs.85%29.aspx

CN

SAM-Account-Name

Ldap-Display-Name

sAMAccountName

Size

20 characters or less.




From: Song, Doe-Hyun
Sent: Thursday, November 05, 2015 8:48 AM
To: 'cas-user@lists.jasig.org'
Subject: MOD_AUTH_CAS ,REMOTE_USER length limit

Hello All,

I noticed REMOTE_USER is truncated to 20 character limits. How can I modify the 
limit ?






The information contained in this e-mail and any attachments is confidential and
intended only for the recipient. If you are not the intended recipient, the
information contained in this message may not be used, copied, or forwarded to
third parties or otherwise distributed for any other purpose. Please notify the
sender if you received this e-mail in error and delete the e-mail and its
attachments promptly.  Nothing in this e-mail may be used or deemed to form the
basis of a contractual or any other legally binding obligation unless separately
confirmed in writing by an authorized representative of ARMADA.

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to