# Shared placeholder properties, referenced below as ${...} by both the
# cas.authn.ldap[0] and cas.authn.attributeRepository.ldap[0] settings.
# NOTE(review): ${ldap-url} is referenced by both of those groups but is not
# defined among these properties; confirm it is set elsewhere, and that it uses
# an ldaps:// URL to match ldap-ssl=true.
# The space after "=" on some lines is presumably dropped by the properties
# loader (standard .properties behaviour); verify if values look off.
#
# Service account DN used for the LDAP bind.
ldap-binddn= cn=logon_ldap_user,ou=Application Users,ou=All_Users,dc=example,dc=edu
# NOTE(review): the bind password is stored here in clear text. Keep this file
# readable only by the CAS service account, or supply the value from outside
# the file (environment variable, external secret store, or an encrypted
# property value if the deployment has that configured).
ldap-bindpw= examplePass
# Authentication type passed to cas.authn.ldap[0].type.
# NOTE(review): with DIRECT the user DN is presumably built from ldap-dnformat
# and bound directly; confirm against the CAS documentation for your version.
ldap-auth-type= DIRECT
# Search base shared by authentication, attribute lookup and the validator.
ldap-basedn= ou=All_Users,dc=example,dc=edu
# DN template; %s is presumably replaced with the submitted username.
ldap-dnformat= cn=%s,ou=All_Users,dc=example,dc=edu
# Filter used to locate the user entry; {user} stands for the login name.
ldap-user-filter= (cn={user})
# Upper bound on pooled LDAP connections (used for both pools below).
ldap-max-pool-size=20
# Transport security: StartTLS is off and SSL is on. These are alternative
# ways to encrypt the connection, so only one should be enabled.
ldap-tls=false
ldap-ssl=true
# Configure LDAP authentication (first LDAP authentication source, index 0).
# Most values are placeholders that resolve to the shared ldap-* properties.
# Key names mix camelCase (trustCertificates, searchFilter) with kebab-case;
# Spring Boot relaxed binding accepts both forms.
#
# Certificate file trusted for the TLS connection to the directory.
# NOTE(review): anyone who can replace this file can change which LDAP server
# CAS trusts; keep it writable by administrators only.
cas.authn.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
cas.authn.ldap[0].base-dn=${ldap-basedn}
# Service account credentials; the password placeholder resolves to a
# clear-text value unless it is supplied from outside the file.
cas.authn.ldap[0].bind-credential=${ldap-bindpw}
cas.authn.ldap[0].bind-dn=${ldap-binddn}
cas.authn.ldap[0].dn-format=${ldap-dnformat}
# NOTE(review): ${ldap-url} is not defined in the visible part of this file;
# confirm it is set elsewhere, or this placeholder will not resolve.
cas.authn.ldap[0].ldap-url=${ldap-url}
cas.authn.ldap[0].max-pool-size=${ldap-max-pool-size}
# A minimum of 0 means no connections have to be kept open while idle.
cas.authn.ldap[0].min-pool-size=0
# Search the whole subtree under base-dn rather than a single level.
cas.authn.ldap[0].subtree-search=true
cas.authn.ldap[0].type=${ldap-auth-type}
cas.authn.ldap[0].searchFilter=${ldap-user-filter}
# Transport security flags; these follow the shared ldap-ssl / ldap-tls values.
cas.authn.ldap[0].use-ssl=${ldap-ssl}
cas.authn.ldap[0].use-start-tls=${ldap-tls}
# Configure the LDAP attribute repository (index 0), which looks up user
# attributes. It reuses the same URL, base DN, filter, bind account and
# transport settings as LDAP authentication through the shared placeholders.
#
# Certificate file trusted for the TLS connection; keep it writable by
# administrators only, since it decides which server is trusted.
cas.authn.attributeRepository.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
# NOTE(review): ${ldap-url} is not defined in the visible part of this file;
# confirm it is set elsewhere.
cas.authn.attributeRepository.ldap[0].ldapUrl=${ldap-url}
# Position of this repository when several attribute repositories are defined.
cas.authn.attributeRepository.ldap[0].order=0
cas.authn.attributeRepository.ldap[0].useSsl=${ldap-ssl}
cas.authn.attributeRepository.ldap[0].useStartTls=${ldap-tls}
cas.authn.attributeRepository.ldap[0].baseDn=${ldap-basedn}
cas.authn.attributeRepository.ldap[0].searchFilter=${ldap-user-filter}
cas.authn.attributeRepository.ldap[0].subtreeSearch=true
# Service account used for attribute searches; the password placeholder
# resolves to a clear-text value unless it is supplied from outside the file.
cas.authn.attributeRepository.ldap[0].bindDn=${ldap-binddn}
cas.authn.attributeRepository.ldap[0].bindCredential=${ldap-bindpw}
cas.authn.attributeRepository.ldap[0].minPoolSize=0
cas.authn.attributeRepository.ldap[0].maxPoolSize=${ldap-max-pool-size}
# Check each pooled connection when it is handed out, so that a stale
# connection is detected before it is used for a lookup.
cas.authn.attributeRepository.ldap[0].validateOnCheckout=true
# Configure the connection validator for the attribute repository pool.
# With type SEARCH, scope OBJECT and filter (objectClass=*), the check reads
# only the base DN entry itself, which keeps the validation query cheap.
cas.authn.attributeRepository.ldap[0].validator.type=SEARCH
cas.authn.attributeRepository.ldap[0].validator.baseDn=${ldap-basedn}
cas.authn.attributeRepository.ldap[0].validator.searchFilter=(objectClass=*)
cas.authn.attributeRepository.ldap[0].validator.scope=OBJECT
# NOTE(review): attributeName / attributeValues look like settings for a
# compare-style validator; confirm they have any effect when type=SEARCH.
cas.authn.attributeRepository.ldap[0].validator.attributeName=objectClass
cas.authn.attributeRepository.ldap[0].validator.attributeValues=top
# Active Directory attributes to retrieve. Each line maps a directory
# attribute (last key segment) to the name CAS uses for it (the value).
cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=samAccountName
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
# NOTE(review): the key attributes.mail is defined twice. In a properties file
# a repeated key normally keeps only the last value, so the "email" mapping is
# probably discarded and only "emailAddress" takes effect. Services that expect
# an "email" attribute would then receive none. If both names are needed,
# check whether your CAS version accepts several target names on one line.
cas.authn.attributeRepository.ldap[0].attributes.mail=email
cas.authn.attributeRepository.ldap[0].attributes.mail=emailAddress
cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName
# memberOf carries group memberships; review each service's attribute release
# policy so that group data reaches only the services that need it.
cas.authn.attributeRepository.ldap[0].attributes.memberOf=memberOf