Hello group,

We have a working installation of CAS 5.2.9 authenticating against Active Directory.
However, we have noticed we are able to authenticate using credentials of a user outside the BaseDN, including the bind user. How can we fix this?

Below are my authn.ldap configuration entries:

ldap[0]:
  baseDn: OU=Users,DC=domain3,DC=domain2,DC=domain1
  bindCredential: bindpassword
  bindDn: bind
  blockWaitTime: 5000
  connectTimeout: 5000
  dnFormat: '%[email protected]'
  failFast: true
  idleTime: 5000
  ldapUrl: ldap://adserver
  maxPoolSize: 10
  minPoolSize: 3
  principalAttributeId: sAMAccountName
  principalAttributeList: sAMAccountName,displayName,givenName,mail,distinguishedName
  prunePeriod: 5000
  subtreeSearch: true
  type: AD
  useSsl: false
  useStartTls: false
  userFilter: (sAMAccountName={user})
  validateOnCheckout: true
  validatePeriod: 600
  validatePeriodically: true
