You might find this link helpful. It's a work in progress and not
"official" documentation, but it does include, among other things, an
example and step-by-step instructions for how to configure for AD, both
authentication and attributes.

https://dacurry-tns.github.io/deploying-apereo-cas/


David A. Curry,  CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York, NY 10003
+1 212 229-5300 x4728 ~ [email protected]
Sent from my phone; please excuse typos and inane auto-corrections.


On Dec 13, 2017 17:08, "Tim Tyler" <[email protected]> wrote:

I am a newbie to CAS. I just installed 5.2 using Maven. I successfully
logged in via the test account of causer. But now I want to get ldap
against Active Directory working. I successfully installed the
dependencies and that seems OK. My issue is with configuring
cas.properties. I read online that if I use type=AD, I need to use
dnFormat? Is that true? I don't really understand how that entry should
look.

Also, I would like to use SSL or TLS. Not sure if certs are necessary for
at least establishing encryption. Can someone share with me the necessary
settings for getting ldap to auth against AD? I seem to be struggling with
what I particularly need to get ldap to work against AD. And if I need
dnFormat, I could use an example of how that should look.

Below is my config related to ldap.

cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldaps://bcdc3.beloit.edu
cas.authn.ldap[0].connectionStrategy=
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].baseDn=dc=its,dc=beloit,dc=edu
cas.authn.ldap[0].userFilter=cn={sAMAccountName}
cas.authn.ldap[0].bindDn=CN=ldapadmin,CN=Users,DC=its,DC=beloit,DC=edu
cas.authn.ldap[0].bindCredential=xxxxxxxx

#cas.authn.ldap[0].enhanceWithEntryResolver=false
#cas.authn.ldap[0].dnFormat=%s,dc=its,dc=beloit,dc=edu
#cas.authn.ldap[0].principalAttributeId=sAMAccountName
#cas.authn.ldap[0].principalAttributePassword=password

Tim Tyler
Network Engineer
Beloit College

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/22394f2759232d0a1e53c6d61f841f82%40mail.gmail.com.
