I am a newbie to CAS. I just installed 5.2 using Maven. I successfully logged in via the test account of causer. But now I want to get ldap against active directory working. I successfully installed the dependencies and that seems ok. My issue is with configuring cas.properties. I read on-line that if I use type=AD, I need to use dnFormat? Is that true? I don’t really understand how that entry should look.
Also, I would like to use SSL or TLS. Not sure if certs are necessary for at least establishing encryption. Can someone share with me the necessary settings for getting ldap to auth against AD. I seem to be struggling with what I particularly need to get ldap to work against AD. And if I need dnFormat, I could use an example of how that should look. Below is my config related to ldap. cas.authn.ldap[0].type=AD cas.authn.ldap[0].ldapUrl=ldaps://bcdc3.beloit.edu cas.authn.ldap[0].connectionStrategy= cas.authn.ldap[0].useSsl=true cas.authn.ldap[0].useStartTls=false cas.authn.ldap[0].connectTimeout=5000 cas.authn.ldap[0].subtreeSearch=true cas.authn.ldap[0].baseDn=dc=its,dc=beloit,dc=edu cas.authn.ldap[0].userFilter=cn={sAMAccountName} cas.authn.ldap[0].bindDn=CN=ldapadmin,CN=Users,DC=its,DC=beloit,DC=edu cas.authn.ldap[0].bindCredential=xxxxxxxx #cas.authn.ldap[0].enhanceWithEntryResolver=false #cas.authn.ldap[0].dnFormat=%s,dc=its,dc=beloit,dc=edu #cas.authn.ldap[0].principalAttributeId=sAMAccountName #cas.authn.ldap[0].principalAttributePassword=password Tim Tyler Network Engineer Beloit College -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/22394f2759232d0a1e53c6d61f841f82%40mail.gmail.com.