> But, now, all users in the LDAP directory can authenticate and we don't > want. Only person with OFFI(CIAL) status must be allow to authenticate. > Any body have an idea on how i can filter users or how i can use > BindLdapAuthenticationHandler?
You must use BindLdapAuthenticationHandler to accomplish your goal. Simply define an LDAP filter like the following: <property name="filter" value="(&(uid=%u)(status=OFFI))" /> You need to know your directory schema well in order to craft the precise filter. Active Directory would typically use sAMAccountName instead of uid for the attribute holding the username, for example. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
