Chris, In my setup, I did not configure the management webapp to use LDAP directly. Rather, I set it up to authenticate against the CAS server, and just use the userPropertiesFile to control who can actually log into it. I used the same "admusers.properties" file that I used to control access to the admin pages (dashboard, etc.) since for us it's the same set of users for both, but you can use different files for each if you want.
Since we only have a handful of people who will use the management webapp (or the admin pages), and the list doesn't change very often, this seemed like a simpler approach than messing around with LDAP groups, etc. Just a thought...YMMV of course. --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu [image: The New School] On Fri, Feb 9, 2018 at 11:52 AM, Cheltenham, Chris < ccheltenham-...@philasd.org> wrote: > Thanks Travis, > > > > I am using David Curry’s docs. > > I don’t understand the CAS docs from Apereo. > > I think they document with the thinking of a developer, which I am not. > > Therefore, I have a lot of trouble understanding them. > > > > I appreciate your help. > > > > > > =========================== > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Travis > Schmidt > *Sent:* Friday, February 9, 2018 11:08 AM > *To:* cas-user@apereo.org > *Subject:* Re: [cas-user] cas 5 management > > > > Here is a link to getting started with CAS Management with 5.2.x > > > > https://apereo.github.io/cas/5.2.x/installation/Installing- > ServicesMgmt-Webapp.html > > > > As far as LDAP is concerned, it is mostly a preference. The management > app will contact a CAS Server for authenticating a user in whichever way > you have it set up. For the management app you usually only have a few > people authorized to use it, so users.json or static list is an acceptable > way to limit who can use it. The management app can be configured to call > back to LDAP and query for the ROLE_* attributes on the authenticated user, > but in my opinion is a lot more work to make something dynamic that is > mostly static. > > > > > > > > On Fri, Feb 9, 2018 at 7:13 AM Cheltenham, Chris < > ccheltenham-...@philasd.org> wrote: > > Hello , > > > > I have embarked on building cas-management via the overlay. > > I am assuming you build a totally separate war file with the ldapp > dependency is you use ldap. > > > > Is that correct? > > > > > > > > =========================== > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 <(215)%20400-5025> > Cell # 215-301-6571 <(215)%20301-6571> > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/008401d3a1b8%249791de50% > 24c6b59af0%24%40philasd.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/008401d3a1b8%249791de50%24c6b59af0%24%40philasd.org?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CAC_RtEZmsgzrQq82Dg4r_QR- > 27U6v4EbG8O-qq2eXmE_GKeZng%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEZmsgzrQq82Dg4r_QR-27U6v4EbG8O-qq2eXmE_GKeZng%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/00b001d3a1c6%2463677f00% > 242a367d00%24%40philasd.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b001d3a1c6%2463677f00%242a367d00%24%40philasd.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOEFf86xCk4%3DPry%2B7JxQ1CphYv3dWXc%2BHgBXUYTn7doFQ%40mail.gmail.com.
