We currently run 4.2.6 with ldaptive:bind-search-authenticator Spring extension wired into deployerConfigContext.xml.

With this configuration, the ldaptive connection pool search validator by default queries the RootDSE (baseDn=""). It looks like the validator search base DN cannot be configured through the Spring extension. Likewise with the validator search filter and LDAP responseTimeout.

Our LDAP infrastructure happens to have a split directory tree; an LDAP proxy unifies the DITs. Consequently, for us, the search validator does not hit the actual back ends containing credentials, meaning it's theoretically possible (though unlikely) for the search validator to return "success" when all back ends have failed. The validateOnCheckOut setting looks to have the same limitation (baseDn="").

Q: I assume the "old" style of configuring LDAP with Spring Beans is still supported in 4.2.x (cf. https://gist.github.com/serac/5886858). Correct?

Q: Given Spring Boot in CAS 5, will it be possible to declare search validator search base, filter and responseTime? Or is code required?

Thanks.

Tom.
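
Added example, not part of the original message and not code from CAS or ldaptive: a sketch of a pool validator for the split-tree case described above, written against the ldaptive 1.x API, that treats a pooled connection as valid only when an object-scope search succeeds under every back-end subtree rather than only at the RootDSE. The class name is hypothetical, and it assumes the proxy forwards each search to the back end that owns the base DN and that the pool's bind identity can read those entries.

```java
import java.util.ArrayList;
import java.util.List;

import org.ldaptive.Connection;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchRequest;
import org.ldaptive.SearchScope;
import org.ldaptive.pool.SearchValidator;
import org.ldaptive.pool.Validator;

/** Hypothetical helper: valid only if every listed back-end subtree answers. */
public final class AllBackendsValidator implements Validator<Connection> {

    private final List<SearchValidator> checks = new ArrayList<>();

    /**
     * @param filter  validation filter, e.g. "(objectClass=*)"
     * @param baseDns one base DN per back end behind the proxy (site-specific values)
     */
    public AllBackendsValidator(String filter, String... baseDns) {
        for (String baseDn : baseDns) {
            SearchRequest request = new SearchRequest();
            request.setBaseDn(baseDn);                    // replaces the default ""
            request.setSearchFilter(new SearchFilter(filter));
            request.setSearchScope(SearchScope.OBJECT);   // read the base entry only
            request.setReturnAttributes(ReturnAttributes.NONE.value());
            request.setSizeLimit(1L);
            checks.add(new SearchValidator(request));
        }
    }

    @Override
    public boolean validate(Connection conn) {
        for (SearchValidator check : checks) {
            // SearchValidator reports false on an LDAP error or an empty result,
            // so one unreachable back end fails the whole validation.
            if (!check.validate(conn)) {
                return false;
            }
        }
        // With no base DNs configured, fail closed instead of reporting success.
        return !checks.isEmpty();
    }
}
```

An instance would be set as the connection pool's `validator` in place of the default `SearchValidator`; each validation then costs one search per base DN, which matters most when validateOnCheckOut is enabled.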
