> On Jun 2, 2015, at 12:38 AM, HURTEVENT VINCENT > <vincent.hurtev...@univ-lyon1.fr> wrote: ... > But, about the login retrieval, is this the wanted behavior that CAS server > uses the typed user’s login and not an attribute value retrieved from LDAP > queries ?
Without looking at the code, I thought the BindLdapAuthenticationHandler connector uses the loginid stored in the directory. That is, if you type “VINcent” in CAS the login page, and the directory contains (uid) “vincent”, that “vincent” will be returned. Maybe someone more knowledgable with CAS internals can comment. That’s not the case for fast bind. The only loginid available to CAS is what the user types in, so “VINcent” will be returned unless you write a filter to normalize the loginid. We did this with a credentials-to-principal resolver that calls trim().toLowerCase() to conform to our loginid standard (effectively one line of code). I don’t think this is what you’re doing, though. Tom. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
