Hey Tom, Thanks for your input. I noticed on Jasig wiki that LDAP and your mentioned JAAS are two different options for configuring CAS authentication. However, we need to set up our CAS to check user credentials against our LDAP directory. Did you actually rebuild the CAS by using Maven2? I skipped this step and directly deployed the modules/cas-server-webapp-3.5.1.war into Tomcat container. But the CAS failed to start in Tomcat after I tried to configure deployerConfigContext.xml based on their documents. I am currently working with our system team to install maven and then try rebuilding the CAS project in case it generates more dependencies in the war bundle.
Best Regards! Larry -----Original Message----- From: Tom Poage [mailto:tfpo...@ucdavis.edu] Sent: Friday, June 14, 2013 2:32 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] CAS + LDAP initialisation error Unless you need/want attributes, FWIW I didn't see any meaningful difference in performance (with our site anyway) between wiring up the 'native' CAS LDAP adapter (fast bind) and using JAAS/LDAP. The latter was fairly simple: - set up JaasAuthenticationHandler in deployerConfigContext.xml - configure your environment as necessary for the JAAS config file e.g. -Djava.security.auth.login.config=/some/path/login.config - the JAAS config file (direct/fast bind): CAS { edu.vt.middleware.ldap.jaas.LdapLoginModule sufficient ldapUrl="ldap://yourhost.foo.edu" tls="true" baseDn="cn=mycontainer,dc=foo,dc=edu" constructDn="true"; }; Note that this setup makes/drops a new connection to the directory for each authentication (JAAS docs say it should do so for good reason), i.e. connection pooling does not apply. StartTLS for our directory was actually faster than ldaps. Caveat: I'm fairly new to CAS. Tom. On Jun 14, 2013, at 10:45 AM, Larry <zhan...@duq.edu> wrote: > Hi Shashank, > > We are in the process of setting up a standalone CAS server with > version > 3.5.1 and we ran into the same problem as you described. Their > documents just miss a lot of important details and very confusing. Did > you ever fix the problem? And how? Any insight and advice will be much > appreciated! -- You are currently subscribed to cas-user@lists.jasig.org as: zhan...@duq.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user