Thanks for your information, Bob. I have succeeded in integrating LDAP with CAS 4.0 some time back. I have used the LDAP Supporting Direct Bind configuration without SSL and pooling.
I will post the steps soon.

Thanks,
Sunil

On Tuesday, June 3, 2014 11:13:06 PM UTC+5:30, Lapanja, Bob@POST wrote:
>
> I recently migrated to CAS 4.0 using LDAP. I didn’t need nor use the
> sslConfig attribute or bean. As for the search filter, the documentation
> uses {user} instead of %u. That’s also what I used and it worked.
>
> The only places I deviated from the documentation you linked to (for the
> LDAP Requiring Authenticated Search section) were:
>
> 1) I didn’t use sslConfig
>
> 2) I had to set subtreeSearch to true on my
> org.ldaptive.auth.PooledSearchDnResolver
>
> 3) Some of the properties in the xml config don’t match the properties
> file below (e.g. ${ldap.managerDn} and ${ldap.managerPassword} in the xml,
> but ${ldap.authn.managerDN} and ${ldap.authn.managerPassword} in the
> properties file), so I had to verify those were all named the same thing.
>
> 4) I had to add an org.ldaptive.auth.SearchEntryResolver to
> org.ldaptive.auth.Authenticator to handle objectGuid.
>
> 5) changed %u to {user} in my search filter.
>
> If we do not have ssl connection for ldap, is the following config
> necessary:
>
> <bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
>       p:ldapUrl="${ldap.url}"
>       p:connectTimeout="${ldap.connectTimeout}"
>       p:useStartTLS="${ldap.useStartTLS}"
>       p:sslConfig-ref="sslConfig"/>
>
> <bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
>     <property name="credentialConfig">
>         <bean class="org.ldaptive.ssl.X509CredentialConfig"
>               p:trustCertificates="${ldap.trustedCert}" />
>     </property>
> </bean>
>
> Also our ldap parameters were as follows:
>
> ldap.userDn=uid=admin,ou=People,o=organization
> ldap.search.filter=uid=%u,ou=People,o=organization
>
> ldap.host.name=ldap://as1.organization.com:389
> ldap.manager.password=password12345
>
> Do we need any changes in ldap.userDn, ldap.search.filter values for CAS 4.0?
>
> If there is any guide/document related to CAS 4.0 with ldap setup, please
> provide reference url.

--
You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
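
Added example, not part of the original thread or of the CAS project's code: a small Python check for two of the deviations listed in the quoted message, placeholder names in the Spring XML that have no matching key in the properties file (point 3) and search filters that still use %u instead of {user} (point 5). The sample XML and properties are constructed, the "exampleBind" bean is hypothetical, and the key ldap.authn.searchFilter is an assumed name.

```python
import re

# Constructed inputs modelled on the thread; bean "exampleBind" is hypothetical.
SAMPLE_XML = """
<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="${ldap.url}"
      p:connectTimeout="${ldap.connectTimeout}"
      p:useStartTLS="${ldap.useStartTLS:false}"/>
<bean id="exampleBind" class="example.Bind"
      p:dn="${ldap.managerDn}" p:password="${ldap.managerPassword}"/>
"""
SAMPLE_PROPERTIES = """
# constructed values; ldap.authn.searchFilter is an assumed key name
ldap.url=ldap://ldap.example.org:389
ldap.connectTimeout=3000
ldap.authn.managerDN=uid=admin,ou=People,o=organization
ldap.authn.managerPassword=CHANGEME
ldap.authn.searchFilter=uid=%u
"""
# Matches ${key} or ${key:default}; group 2 is set only when a default is given.
PLACEHOLDER = re.compile(r"\$\{([^}:]+)(:[^}]*)?\}")

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' (DN values contain '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def unresolved_placeholders(xml_text, props):
    """Placeholders with no default value and no matching property key."""
    return sorted({m.group(1) for m in PLACEHOLDER.finditer(xml_text)
                   if m.group(2) is None and m.group(1) not in props})

def near_misses(missing, props):
    """For each missing name, property keys with the same last segment, ignoring case."""
    tail = lambda name: name.rsplit(".", 1)[-1].lower()
    return {name: sorted(k for k in props if tail(k) == tail(name)) for name in missing}

def legacy_filters(props):
    """Property keys whose value still uses the %u token instead of {user}."""
    return sorted(k for k, v in props.items() if "%u" in v)

if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    missing = unresolved_placeholders(SAMPLE_XML, props)
    print("unresolved:", near_misses(missing, props))
    print("filters using %u:", legacy_filters(props))
```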