Barry, Besides modifying the schema, I think there's still other ways you can check case-sensitive uid such as: String loggedUid = (String) searchResult.getAttributes().get("uid").get(0); if (uid.equals(loggedUid)) { // uid is the same } else { // uid is not the same }
Here, searchResult is javax.naming.directory.SearchResult returned from a successfully bind. Regards, Shi Yusen/Beijing Langhua Ltd. 在 2009-04-17五的 09:42 -0400,Barry Silk写道: > Shi, > > Thanks for your suggestion. However, it turns out that <property > name="filter" value="uid:caseExactmatch:=%u" /> for the LDAP handler bean > does not work for the ApacheDS LDAP. > > The solution I've come up with does not involve CAS: change the "uid" > object's m-equality attribute in the LDAP schema from "caseIgnoreMatch" to > "caseExactMatch" -- this produces the desired case-sensitive authentication. > > Barry Silk > ________________________________________ > From: Shi Yusen [sh...@langhua.cn] > Sent: Tuesday, April 14, 2009 3:08 PM > To: cas-user@lists.jasig.org > Subject: Re: [cas-user] How to configure CAS for case-sensitive userid > > I use this config for OpenLDAP: > <property name="filter" value="uid:caseExactmatch:=%u" /> > > Perhaps you can try it for your LDAP. > > Regards, > > Shi Yusen/Beijing Langhua Ltd. > > > 在 2009-04-14二的 10:43 -0400,Barry Silk写道: > > Can anyone offer advice on how to configure CAS for case-sensitive userids? > > The current behavior of CAS, server version 3.2.1, is to accept any > > combination of uppercase and lowercase letters that makeup the userid. For > > example, "admin" is treated the same as "AdMIn" or "adMIN" when providing a > > username/password and will be authenticated, even though only the "admin" > > is stored in the LDAP. The desired behavior is to treat "admin", "AdMIn", > > and "adMIN" as three separate userids and reject a login attempt with the > > wrong case. > > > > >From a little research, it appears that it may be a matter of configuring > > >the LDAP handler bean with the right filter. The bean is currently > > >configured as follows: > > > > <bean id="ldapHandler" > > class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"> > > <property name="filter" > > value="uid=%u" /> > > ... > > </bean> > > > > Can anyone provide the proper way to configure this bean for > > case-sensitivity or is there something else that needs to be done? > > > > Thanks! > > Barry Silk > > > > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > bs...@oberonassociates.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user