Awesome thanks. On Wednesday, November 23, 2016 at 11:06:39 AM UTC-7, Misagh Moayyed wrote: > > The second. > > > > --Misagh > > > > *From:* Eric Allen [mailto:truc...@gmail.com <javascript:>] > *Sent:* Wednesday, November 23, 2016 10:53 AM > *To:* jasig-cas-user <jasig-c...@googlegroups.com <javascript:>> > *Cc:* cas-...@apereo.org <javascript:>; mmoa...@unicon.net <javascript:> > *Subject:* Re: [cas-user] CAS 5 - ldap multiple OUs > > > > To use that method would it look something like this? > > > > cas.authn.Ldap[0].type=AD > > cas.authn.Ldap[0].LdapUrl=https://ldap.example.org > > cas.authn.Ldap[0].baseDn=dc=example,dc=org > > cas.authn.Ldap[0].userFilter=cn={user} > > cas.authn.Ldap[0].bindDn=cn=cas_user,ou=utility,dc=example,dc=org > > cas.authn.Ldap[0].bindCredential=caspass > > cas.authn.Ldap[0].principalAttributeId=sAMAccountName > > cas.authn.Ldap[0].dnFormat=cn=%s,ou=users,dc=example,dc=org > > cas.authn.Ldap[1].dnFormat=cn=%s,ou=people,dc=example,dc=org > > > > or like > > cas.authn.Ldap[0].type=AD > > cas.authn.Ldap[0].LdapUrl=https://ldap.example.org > > cas.authn.Ldap[0].baseDn=dc=example,dc=org > > cas.authn.Ldap[0].userFilter=cn={user} > > cas.authn.Ldap[0].bindDn=cn=cas_user,ou=utility,dc=example,dc=org > > cas.authn.Ldap[0].bindCredential=caspass > > cas.authn.Ldap[0].principalAttributeId=sAMAccountName > > cas.authn.Ldap[0].dnFormat=cn=%s,ou=users,dc=example,dc=org > > > > cas.authn.Ldap[1].type=AD > > cas.authn.Ldap[1].LdapUrl=https://ldap.example.org > > cas.authn.Ldap[1].baseDn=dc=example,dc=org > > cas.authn.Ldap[1].userFilter=cn={user} > > cas.authn.Ldap[1].bindDn=cn=cas_user,ou=utility,dc=example,dc=org > > cas.authn.Ldap[1].bindCredential=caspass > > cas.authn.Ldap[1].principalAttributeId=sAMAccountName > > cas.authn.Ldap[1].dnFormat=cn=%s,ou=people,dc=example,dc=org > > > > > On Wednesday, November 23, 2016 at 9:27:32 AM UTC-7, Misagh Moayyed wrote: > > You may have missed the obvious, which is that that index “[0]” is meant > to be incremented by you to support additional blocks and ldap authN > schemes. So you what you can do is define a [1], repeat your settings more > or less and just narrow the base for both 0 and 1 to those OUs you care > about. > > > > Or you come up with a fancier filter. > > > > --Misagh > > > > *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of *Eric > Allen > *Sent:* Tuesday, November 22, 2016 6:03 PM > *To:* CAS Community <cas-...@apereo.org> > *Subject:* [cas-user] CAS 5 - ldap multiple OUs > > > > I'm currently stuck on how to setup authentication for two OUs in the same > LDAP connector. I want to allow only the users that are in these two OUs > but not others. > > The two OUs that I want to authenticate against are > ou=users,dc=example,dc=org and ou=people,dc=example,dc=org. I'm using > example.org to keep the examples easier to understand. > > I can get one OU to work just fine. Current config > > > > cas.authn.Ldap[0].type=AD > > cas.authn.Ldap[0].LdapUrl=https://ldap.example.org > > cas.authn.Ldap[0].baseDn=dc=example,dc=org > > cas.authn.Ldap[0].userFilter=cn={user} > > cas.authn.Ldap[0].bindDn=cn=cas_user,ou=utility,dc=example,dc=org > > cas.authn.Ldap[0].bindCredential=caspass > > cas.authn.Ldap[0].principalAttributeId=sAMAccountName > > cas.authn.Ldap[0].dnFormat=cn=%s,ou=users,dc=example,dc=org > > > > > > I have tried with mulitple different options for the dnFormat trying > ldapsearch strings but to no success. Any suggestions on limiting access > to two OUs? > > > > Thanks > > Eric > > > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: > https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/74eb0615-fab6-4abb-b62e-30f9277ab341%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/74eb0615-fab6-4abb-b62e-30f9277ab341%40apereo.org?utm_medium=email&utm_source=footer> > . > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: > https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/00e001d245a6%2479312fc0%246b938f40%24%40unicon.net > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00e001d245a6%2479312fc0%246b938f40%24%40unicon.net?utm_medium=email&utm_source=footer> > . > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: > https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org <javascript:>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/012f01d245b4%24504402f0%24f0cc08d0%24%40unicon.net > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/012f01d245b4%24504402f0%24f0cc08d0%24%40unicon.net?utm_medium=email&utm_source=footer> > . >
-- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ece50700-44b5-495a-bc65-04ecfc069fe1%40googlegroups.com.
