We had the same problem here at Alcorn. Our F/S accounts are in Active Directory and Student accounts are in OpenLDAP. A typical dn for a student would be uid=desmond,ou=people,dc=mail,dc=alcorn,dc=edu and for F/S (on AD) would be CN=desmond, OU=CITS, OU=User Accounts, DC=alcorn, DC=edu.
The way we solved that problem was to set up OpenLDAP as a meta server and present the information to CAS as a merged LDAP tree. The F/S dn would stay the same, but a student would be translated to uid=desmond, OU=STUDENTS, OU=User Accounts, DC=alcorn, DC=edu. We also translated the F/S mail field to the UID field because F/S use their email as their login (legacy stuff). This approach also eliminated a problem we had with assigning roles in Blackboard.

Desmond Stewart

> I recently attended the JA-Sig Unconference and it was great. I enjoyed
> learning the direction that uPortal and CAS were going. As I am new to both
> applications, I have a few questions that I hope someone here can help me
> with.
>
> First, we have successfully configured CAS to work with our LDAP server (for
> the sake of future argument, let's call this LDAP1) and with a single
> service.
> The problem is that we need to configure CAS to work with a secondary LDAP
> source (LDAP2) that has a completely different user naming convention than
> LDAP1. All services are already using the same user naming convention as
> LDAP1.
>
> I can easily set up a MySQL db to define the mapping between the LDAP2
> username and the appropriate service username. However, how would I
> configure CAS to authenticate using LDAP2 username, then query the db to
> retrieve the correct username, and then pass it to the appropriate service?
>
> Any direction on this is greatly appreciated!
> Thanks,
> -Anson
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
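
The suffix translation described in the reply above, modelled in Python as an added example (it is not part of the original thread and is not the poster's OpenLDAP configuration). The suffixes are the ones quoted in the message; the function names and the `REWRITES` table are hypothetical.

```python
# Added illustration: models the DN rewrite a meta directory performs when it
# presents two backends as one tree. Not the poster's actual configuration.

def split_rdns(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes honoured)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return rdns

def norm(rdn):
    """Normalise one RDN for comparison: case-insensitive, no space around '='."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())

# (real suffix on the backend, virtual suffix presented to CAS)
REWRITES = [
    ("ou=people,dc=mail,dc=alcorn,dc=edu",          # students (OpenLDAP)
     "OU=STUDENTS,OU=User Accounts,DC=alcorn,DC=edu"),
    ("OU=User Accounts,DC=alcorn,DC=edu",           # F/S (AD): unchanged
     "OU=User Accounts,DC=alcorn,DC=edu"),
]

def to_virtual(dn):
    """Map a backend DN into the merged tree; None if under no known suffix."""
    rdns = split_rdns(dn)
    for real, virtual in REWRITES:
        suffix = split_rdns(real)
        n = len(suffix)
        if len(rdns) > n and [norm(r) for r in rdns[-n:]] == [norm(s) for s in suffix]:
            return ",".join(rdns[:-n] + split_rdns(virtual))
    return None   # refuse entries outside the configured backends
```

Returning `None` for a DN outside both suffixes keeps entries from an unexpected naming context out of the tree that CAS authenticates against.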
