Given that our users sometimes interpret "username" to be their email
address, we added this ldap filter to our user matching:
cas.authn.ldap[0].searchFilter=(|(uid={user})(mail={user}))
That way, if they enter either "username" or "usern...@whitman.edu" they'll
be found correctly.
We've just discovered that we missed doing this in a separate ldap database
lookup for an MFA attribute, and this got me thinking: Is there a similar
configuration variable for the Principal-Id attribute that gets returned
like the above "{user}"? Maybe "{principalId}"? I searched through the
documentation the best I could, but "user" is pretty generic, and it seemed
the brackets were (rightly) being ignored.
If such a thing were to exist, we could collapse down to something like
this:
cas.authn.attributeRepository.ldap[0].searchFilter=(sAMAccountName={principalId})
-Mike
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEdMQHWScMJFNPMMwrx2YuETFNFz_k-mUe7H67DYtYSbkz%2BQow%40mail.gmail.com.
