Skate, Shoot, Score !! I figured out how to add roles in the IPA app and added one called ROLE_ADMIN, but that didn't work, and when I turned on debug I saw why -- I was being granted the role: ROLE_ROLE_ADMIN -- sigh... OK so a quick change in IPA to the role name of ADMIN and things started working. Afterwards I changed that to: admin -- and that works also, so it seems to be case sensitive.
My group search items are:

# group search items -- note: IPA required authenticated search to see roles
ldap.authn.group.searchFilter=(cn=admin)
ldap.authn.group.baseDn=cn=roles,cn=accounts,dc=my-domain,dc=com
ldap.authn.group.roleAttr=cn

So, 1st I had to figure out how to make the group stuff return the string I wanted it to: ROLE_ADMIN -- and then I had to realize that the ROLE_ is applied programmatically. Whew!

Al;
