I am having a really tough time getting the CAS services management webapp to 
work w/ LDAP (against an IPA server).

I can get authentication to work, but I can't figure out what the right 
group-xxx attributes to use are; I don't know what they are intended to do.

Where can I find out how these are used?

I've pulled my LDAP values out into a .properties file for easier 
maintenance, copying for the most part that which works just fine for my 
CAS server.

In my managementConfigContext.xml I have made only this change:

    <sec:ldap-server id="ldapServer" url="${ldap.url}"
                     manager-dn="${ldap.authn.managerDN}"
                     manager-password="${ldap.authn.managerPassword}" />


    <sec:ldap-user-service id="userDetailsService" server-ref="ldapServer"
                group-search-base="${ldap.authn.group.baseDn}"
                group-role-attribute="${ldap.authn.group.roleAttr}"
                group-search-filter="${ldap.authn.group.searchFilter}"
                user-search-base="${ldap.authn.user.baseDn}"
                user-search-filter="${ldap.authn.user.searchFilter}"/>



I have added these values to my cas-management.properties:

# LDAP Server
ldap.url=<omitted>

# LDAP connection timeout in milliseconds
ldap.connectTimeout=3000

# Whether to use StartTLS (probably needed if not SSL connection)
ldap.useStartTLS=false

# Base DN of users to be authenticated
ldap.authn.user.baseDn=cn=users,cn=accounts,dc=epc-instore,dc=com


# Manager DN for authenticated searches
ldap.authn.managerDN=uid=<omitted>,cn=users,cn=accounts,dc=epc-instore,dc=com


# Manager password for authenticated searches
ldap.authn.managerPassword=<omitted>


# Search filter used for configurations that require searching for DNs
#ldap.authn.searchFilter=(&(uid={user})(accountState=active))
ldap.authn.user.searchFilter=(uid={0})


ldap.authn.group.searchFilter=gidNumber=1886200029
ldap.authn.group.baseDn=cn=groups,cn=accounts,dc=epc-instore,dc=com
ldap.authn.group.roleAttr=cn


# Search filter used for configurations that require searching for DNs
#ldap.authn.format=uid=%s,ou=Users,dc=example,dc=org
ldap.authn.format=uid=%s,cn=users,cn=accounts,dc=epc-instore,dc=com


# A path to trusted X.509 certificate for StartTLS 
ldap.trustedCert=/path/to/cert.cer



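An added example, not part of the original post and not Spring Security's own code: a simplified Python model of how the `group-search-filter` and `group-role-attribute` settings of `sec:ldap-user-service` turn group entries into granted authorities. It shows that a filter without the `{0}` placeholder, like the `gidNumber=...` filter above, matches the same group for every authenticated user. The directory entries, the `example.test` DNs and the `member` attribute are constructed assumptions; only single `attr=value` filters are handled.

```python
# Simplified model of the group lookup performed by Spring Security's
# LDAP authorities populator (assumption-labelled sketch, not library code).
# In the real search, {0} in group-search-filter is replaced by the user's DN
# and {1} by the login name; each value of group-role-attribute on a matching
# group is upper-cased and prefixed (default prefix "ROLE_").

PEOPLE = "cn=users,cn=accounts,dc=example,dc=test"   # constructed base DN

GROUPS = [  # constructed entries standing in for the group-search-base subtree
    {"cn": ["cas-admins"], "gidNumber": ["1000"],
     "member": [f"uid=alice,{PEOPLE}"]},
    {"cn": ["staff"], "gidNumber": ["2000"],
     "member": [f"uid=alice,{PEOPLE}", f"uid=bob,{PEOPLE}"]},
]


def authorities(username, group_filter, role_attr="cn", role_prefix="ROLE_"):
    """Return the sorted authorities the user would receive for this filter."""
    user_dn = f"uid={username},{PEOPLE}"
    bound = group_filter.replace("{0}", user_dn).replace("{1}", username)
    # Only a single equality test is modelled: (attr=value) or attr=value.
    attr, _, value = bound.strip("()").partition("=")
    roles = set()
    for entry in GROUPS:
        if value in entry.get(attr, []):
            for name in entry.get(role_attr, []):
                roles.add(role_prefix + name.upper())
    return sorted(roles)


if __name__ == "__main__":
    for user in ("alice", "bob"):
        # Membership filter: roles depend on who logged in.
        print(user, "(member={0})  ->", authorities(user, "(member={0})"))
        # Constant filter: the same group matches for every user.
        print(user, "gidNumber=1000 ->", authorities(user, "gidNumber=1000"))
```
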