On 3/10/11 11:50 AM, Marvin Addison wrote:
>> The way I'm thinking it would work could be if CAS would query the LDAP
>> directory based on a username/password combo and return something globally
>> unique as the uid.
>
> Problem is that I'm not aware of any directory that exposes the
> password hash as a standard attribute that would allow you to
> construct a search filter that would comprise the unique pair you're
> after. While in theory it would work fine, in practice there's no
> directory that would support it.

It is somewhat common to allow compare on userPassword, which would
accomplish your goal. However, I wouldn't endorse that solution. If you
need a unique identifier it should be assigned, not derived.
--Daniel Fisher