Re: [cas-user] Disabling escaping of special characters such as '#' in MS Active Directory usernames

Mon, 01 Apr 2024 11:23:18 -0700 

Hello, Ray

I've tried different ways to configure this setting ".searchFilter". But 
nothing works

cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://<url>:389
cas.authn.ldap[0].baseDn=<baseDn>

*cas.authn.ldap[0].dnFormat=%s@<domain>#cas.authn.ldap[0].dnFormat=#%s@<domain>*
#cas.authn.ldap[0].dnFormat=%s
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000

cas.authn.ldap[0].userFilter=(sAMAccountName={user})
#cas.authn.ldap[0].userFilter=(|(sAMAccountName=#{user})(sAMAccountName={user}))
#cas.authn.ldap[0].userFilter=(UserPrincipalName={0})
#cas.authn.ldap[0].userFilter=(UserPrincipalName={user})

*cas.authn.ldap[0].searchFilter=(sAMAccountName=#{user})*


*#cas.authn.ldap[0].searchFilter=(|(sAMAccountName=#{user})(sAMAccountName={user}))#cas.authn.ldap[0].searchFilter=(sAMAccountName={user})*

cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].principalAttributeId=
cas.authn.ldap[0].principalAttributeList=
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true

Regards,
Bogdan Badz

суббота, 23 марта 2024 г. в 05:58:54 UTC+2, Ray Bon: 

> Bogdan,
>
> Perhaps you can use the ldap filter
> search-filter=#{user}
>
> You can have multiple ldap configs and they are processed in order.
>
> Ray
>
> On Fri, 2024-03-22 at 11:04 -0700, Bogdan Badz wrote:
>
> Notice: This message was sent from outside the University of Victoria 
> email system. Please be cautious with links and sensitive information.
>
>
> Hello CAS Community
>
> We are using CAS v6.5 as Federated Sign-In Module for MS Active Directory 
> users. There is a requirement to support  usernames starting with a hash 
> symbol '#'.
>
> For example: #te...@domain.com.
>
> We noticed that for integration with LDAP, CAS uses the Ldaptive library.
>
> The documentation says that in this case special characters are escaped. 
> And this is working correctly.
>
> But we would also need the ability to disable this feature for certain 
> characters.
>
> org.ldaptive.auth.FormatDnResolver contains boolean value 'escapeUser' 
> which is 'true' by default.
>
> At the Ldaptive library level this parameter can be configured, but based 
> on what we saw in the CAS sources, only the default state is used there 
> which does not help us authenticate AD users beginning with #.
>
> Could anyone help us solve this problem?
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ce573025-876b-406b-8968-7560833ed7e0n%40apereo.org.

Reply via email to