On Fri, Oct 18, 2013 at 07:03:10AM -0700, Geo P.C. wrote:
> We installed CAS Server 3.5.2 and configured https. Now we need to
> integrate this CAS server with our openldap server. Please let us know
> how we can integrate with it. We referred this url:
Integrate how? As an authentication source? Or as an attribute source?
Or both?
From the authentication perspective, I just added this bean to the top
of deployerConfigContext.xml:
    <bean id="ldapAuthContextSource"
          class="org.springframework.ldap.core.support.LdapContextSource">
      <property name="pooled" value="false"/>
      <property name="url" value="ldaps://ldap.csupomona.edu" />
      <property name="baseEnvironmentProperties">
        <map>
          <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
          <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
          <entry key="java.naming.security.authentication" value="simple" />
        </map>
      </property>
    </bean>
and updated the authenticationManager bean authenticationHandlers to include:
    <bean
          class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
      <property name="filter" value="uid=%u,ou=user,dc=csupomona,dc=edu" />
      <property name="contextSource" ref="ldapAuthContextSource" />
    </bean>
If you can't statically determine the DN of your users from just the username,
you won't be able to use the FastBindLdapAuthenticationHandler, you'll
need to use the one that searches for a user to find the DN before
binding.
You'll also need to pull in the cas-server-support-ldap dependency. The
only really clean way to do this it seems is via the maven overlay
method:
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
The documentation isn't quite there, so it might take a few rounds before
you get it all sorted out. If I get some time, I'll try to go back through
my recent install and make note of all the things the wiki was missing or
had outdated information on and do some updating...
--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | hen...@csupomona.edu
California State Polytechnic University | Pomona CA 91768
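
Added example, not part of the original message: a sketch of the search-then-bind alternative the reply mentions, using the BindLdapAuthenticationHandler from the same cas-server-support-ldap module. The bean id ldapSearchContextSource, the lookup account DN and password, and the search base are assumptions or placeholders, not values from the poster's deployment.

```xml
<!-- Added example; bean id, lookup-account DN and password are placeholders. -->
<bean id="ldapSearchContextSource"
      class="org.springframework.ldap.core.support.LdapContextSource">
  <!-- pooled=false, as in the context source shown in the message -->
  <property name="pooled" value="false" />
  <property name="url" value="ldaps://ldap.csupomona.edu" />
  <!-- Placeholder account used for the DN lookup before the user bind -->
  <property name="userDn" value="cn=PLACEHOLDER-SEARCH-ACCOUNT,dc=csupomona,dc=edu" />
  <property name="password" value="PLACEHOLDER-PASSWORD" />
  <property name="baseEnvironmentProperties">
    <map>
      <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
      <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
      <entry key="java.naming.security.authentication" value="simple" />
    </map>
  </property>
</bean>

<!-- Goes in the authenticationManager authenticationHandlers list,
     in place of the FastBindLdapAuthenticationHandler entry -->
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <!-- %u is the submitted username; here it is a search filter, not a full DN -->
  <property name="filter" value="uid=%u" />
  <!-- Assumed search base: the directory suffix, so users in any OU can match -->
  <property name="searchBase" value="dc=csupomona,dc=edu" />
  <property name="contextSource" ref="ldapSearchContextSource" />
</bean>
```

The lookup account only needs read access to the attribute used in the filter, and its password should be kept out of version control along with the rest of the overlay's deployment-specific settings.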