LDAP autentication with DUO MFA only returning DUO attributes

[Mike S]

Hi all,

Our CAS 7.0 system is configured to use OpenLDAP for authentication and the attribute repository. However, once DUO MFA is enabled via the Fawnoos blog entry, the attributes returned for the principal are from DUO. How do we tell CAS to only use the LDAP attribute repository?

Thanks,

Mike

[Ocean Liu]

Hi Mike,

Our set up is very similar with yours: CAS 7, LDAP for authentication and attribute repository, DUO MFA enabled.

We migrated from CAS 5.3, we noticed CAS 7 with DUO does add duo related attribute to the principle.

However we can still see the attributes from the LDAP authentication and attribute repository.

> the attributes returned for the principal are from DUO

Are you noticing the attributes from your LDAP **missing**? If so, that is not normal.

> How do we tell CAS to only use the LDAP attribute repository?

I don't think there is a way to do this via configuration, your only hope probably will be via customization.

Best,

Ocean

[Mike S]

Hi Ocean, thanks for your reply. Yes, all LDAP attributes are missing. Merging attributes is supposed to be the default behaviour, but clearly something is up!