Given that our users sometimes interpret "username" to be their email address, we added this ldap filter to our user matching:

cas.authn.ldap[0].searchFilter=(|(uid={user})(mail={user}))

That way, if they enter either "username" or "usern...@whitman.edu" they'll be found correctly.

We've just discovered that we missed doing this in a separate ldap database lookup for an MFA attribute, and this got me thinking: Is there a similar configuration variable for the Principal-Id attribute that gets returned like the above "{user}"? Maybe "{principalId}"? I searched through the documentation the best I could, but "user" is pretty generic, and it seemed the brackets were (rightly) being ignored.

If such a thing were to exist, we could collapse down to something like this:

cas.authn.attributeRepository.ldap[0].searchFilter=(sAMAccountName={principalId})

-Mike
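
The mismatch described in the message above, as an added example that is not part of the original post and is not CAS code: a toy in-memory matcher shows why a second lookup keyed on the typed credential misses when the user enters a mail address, and how keying it on the resolved uid does not. The directory contents, the `mfaEnrolled` attribute and all function names are constructed for illustration; the matcher handles only simple equality filters.

```python
import re

# Constructed sample data: two separate directories, as in the post.
AUTH_DIR = [{"uid": "mjones", "mail": "mjones@example.edu"}]
MFA_DIR = [{"sAMAccountName": "mjones", "mfaEnrolled": "true"}]

AUTH_FILTER = "(|(uid={user})(mail={user}))"   # filter from the post
MFA_FILTER = "(sAMAccountName={user})"         # second lookup, uid only

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def render(template, user):
    """Substitute the escaped value for the {user} placeholder."""
    return template.replace("{user}", escape_filter_value(user))

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(directory, ldap_filter):
    """Toy matcher: only (attr=value) and (|(a=v)(b=v)) equality filters."""
    terms = [(a, _unescape(v))
             for a, v in re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)]
    combine = any if ldap_filter.startswith("(|") else all
    return [e for e in directory
            if combine(e.get(a, "").lower() == v.lower() for a, v in terms)]

def mfa_by_typed_credential(typed):
    """The gap: the second lookup is keyed on what the user typed."""
    return search(MFA_DIR, render(MFA_FILTER, typed))

def mfa_by_principal(typed):
    """Resolve the entry first, then key the second lookup on its uid."""
    hits = search(AUTH_DIR, render(AUTH_FILTER, typed))
    if len(hits) != 1:  # no match, or an ambiguous uid/mail collision
        return []
    return search(MFA_DIR, render(MFA_FILTER, hits[0]["uid"]))
```

The `len(hits) != 1` check matters with an OR filter: if one account's uid equals another account's mail value, the search returns two entries and the lookup should fail rather than pick one.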