How to config LDAP / Active directory


Hoang Anh Duc

Aug 16, 2018, 6:35:32 AM
to CAS Community
I'm using CAS 5.3.2 and want to configure CAS with LDAP. I haven't done it before. I found this guide for my installation. I followed it and added the "compile" line, and the build succeeded. But I don't know how to make a full configuration to link my LDAP with this CAS. The doc looks simple. Can anyone show me a simple example? Thanks!

Here's what I added to my cas.properties, but it hasn't worked yet:


cas.authn.ldap[0].ldapUrl=ldaps://ldap.forumsys.com
cas.authn.ldap[0].bindDn=cn=read-only-admin,dc=example,dc=com
cas.authn.ldap[0].bindCredential=password
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].useStartTls=false

cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName
cas.authn.ldap[0].collectDnAttribute=false
cas.authn.ldap[0].principalDnAttributeName=principalLdapDn
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true

Tuấn Vũ Anh

Aug 16, 2018, 9:35:53 AM
to cas-...@apereo.org
If you want, you can contact me; I have built and deployed CAS 5.0 successfully with AD and OpenLDAP.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG

Full name: Vũ Anh Tuấn

Workplace: Consulting and Deployment Department - Technology Transfer Center - Department of Information Technology - Ministry of Natural Resources and Environment (Bộ TN&MT).

Mobile: 090.349.4078 - 0902.113.274

Email: vuanhtu...@gmail.com - vat...@tnmt.vn
Skype: vuanhtuanbk248

Ray Bon

Aug 16, 2018, 11:44:21 AM
to cas-...@apereo.org
Duc,

I also have these:

cas.authn.ldap[0].baseDn=ou=loadtesters,ou=uportal,ou=applications,dc=uvic,dc=ca
cas.authn.ldap[0].userFilter=uid:2.5.13.5:={user}

Ray
-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

JC

Aug 17, 2018, 8:44:27 AM
to CAS Community
I believe that the 'cas.authn.ldap[0].userFilter' has been changed to 'cas.authn.ldap[0].searchFilter' in 5.3.x. I also needed the CA certificate and used 'cas.authn.ldap[0].trustCertificates=file:/<path_to_file>' in my config.

James

João Henriques

Aug 22, 2018, 5:43:19 AM
to CAS Community
Hi,
It may be useful for this or for other cases. We are still in the alpha phase of CAS usage, but we have already set up CAS for two domains, one on Active Directory and the other on LDAP. Both are currently working nicely. Here is the example config. If someone finds a misconfiguration, please tell me; we are currently trying to configure and understand CAS :)


#ActiveDirectory - Domain 1
cas.authn.ldap[0].order=1
cas.authn.ldap[0].name=LDAP1
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].ldapUrl=ldaps://ad.domain.com/
cas.authn.ldap[0].enhanceWithEntryResolver=true
cas.authn.ldap[0].baseDn=OU=Departments,DC=DOMAIN,DC=COM
cas.authn.ldap[0].bindDn=CN=bind_account,OU=service_accounts,DC=DOMAIN,DC=com
cas.authn.ldap[0].bindCredential=credentials
cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].dnFormat=%s...@DOMAIN.com
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].poolPassivator=BIND

In order to allow SSL, we had to add the CA/domain cert to the keystore:
#Attribute repository
cas.authn.attributeRepository.ldap[0].keystore=file:/etc/pki/ca-trust/extracted/java/cacerts
# keystore password (the JVM default for cacerts is changeit)
cas.authn.attributeRepository.ldap[0].keystorePassword=password



#LDAP - domain2 (hosted on zimbra)

cas.authn.ldap[1].order=2
cas.authn.ldap[1].name=LDAP-DOMAIN2
cas.authn.ldap[1].type=AUTHENTICATED
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].ldapUrl=ldap://ldap.DOMAIN2.com/
cas.authn.ldap[1].enhanceWithEntryResolver=true
cas.authn.ldap[1].baseDn=ou=people,dc=DOMAIN2,dc=pt
cas.authn.ldap[1].bindDn=uid=zimbra,cn=admins,cn=zimbra
cas.authn.ldap[1].bindCredential=credentials
cas.authn.ldap[1].searchFilter=uid={user}
cas.authn.ldap[1].allowMultiplePrincipalAttributeValues=true


Best regards,
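The thread's answers boil down to a handful of checks a practitioner can run over a cas.properties file before restarting CAS: the pre-5.3 key userFilter is ignored in 5.3.x in favour of searchFilter (JC's post), the handler needs a baseDn and a searchFilter carrying the {user} placeholder (Ray's and João's posts), and TLS needs a trust anchor (JC's trustCertificates, João's keystore) while a plain ldap:// URL without StartTLS sends the bind credential and every user password in clear. The script below is an added example, not code from the CAS project or from anyone in this thread. It assumes that trustCertificates and keystore are valid keys inside a cas.authn.ldap[N] block (CAS 5.3 documents them there) and that bindCredential values such as "password" or "credentials" are placeholders; the two property blocks it lints are constructed for the example and only resemble the ones posted above.

```python
"""Static lint for cas.authn.ldap[N].* blocks in a cas.properties file.

Added example; not part of the CAS project. Every rule encodes a point made
in the thread: userFilter -> searchFilter rename in 5.3.x, baseDn plus a
{user} search filter for the lookup, a CA trust anchor for TLS, and no
cleartext binds over ldap:// without StartTLS.
"""
import re
from collections import defaultdict

# One cas.authn.ldap[N].key=value line; N selects the handler block.
PROP_RE = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.([A-Za-z0-9_]+)=(.*)$")

# Assumption for the example: these values are copy-paste placeholders, not real secrets.
PLACEHOLDER_SECRETS = {"", "password", "credentials", "changeit", "secret"}


def parse_ldap_blocks(text):
    """Group cas.authn.ldap[N].key=value lines by N; comments and blank lines are skipped."""
    blocks = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PROP_RE.match(line)
        if m:
            idx, key, value = m.groups()
            blocks[int(idx)][key] = value.strip()
    return dict(blocks)


def check_block(props):
    """Return a list of (code, message) findings for one handler block."""
    findings = []
    url = props.get("ldapUrl", "")
    scheme = url.split("://", 1)[0].lower() if "://" in url else ""
    if not url:
        findings.append(("missing-ldapUrl", "no ldapUrl set"))
    # JC's point: 5.3.x reads searchFilter; a lone userFilter is silently ignored.
    if "userFilter" in props and "searchFilter" not in props:
        findings.append(("renamed-userFilter", "userFilter is the pre-5.3 key; 5.3.x reads searchFilter"))
    sf = props.get("searchFilter")
    if sf is None:
        findings.append(("missing-searchFilter", "no searchFilter, so the user entry cannot be located"))
    elif "{user}" not in sf:
        findings.append(("filter-without-user", "searchFilter must contain the {user} placeholder"))
    if "baseDn" not in props:
        findings.append(("missing-baseDn", "no baseDn for the user search"))
    # Transport: ldap:// without StartTLS exposes the bind credential and user passwords.
    start_tls = props.get("useStartTls", "false").lower() == "true"
    if scheme == "ldap" and not start_tls:
        findings.append(("cleartext-bind", "ldap:// without useStartTls=true sends credentials in clear"))
    # TLS needs a CA the JVM trusts: trustCertificates or keystore in the block, or the JVM truststore.
    if (scheme == "ldaps" or start_tls) and not ("trustCertificates" in props or "keystore" in props):
        findings.append(("no-trust-anchor", "TLS in use but no trustCertificates/keystore in this block; "
                                            "the CA must already be in the JVM truststore"))
    if props.get("bindCredential", "").lower() in PLACEHOLDER_SECRETS:
        findings.append(("placeholder-credential", "bindCredential looks like a placeholder"))
    return findings


def lint(text):
    """Map each handler index to its findings."""
    return {idx: check_block(p) for idx, p in sorted(parse_ldap_blocks(text).items())}


# Constructed sample: block 0 mirrors the shape of the first post (ldaps, no baseDn,
# old userFilter key, placeholder secret); block 1 is a clean StartTLS setup.
SAMPLE = """
cas.authn.ldap[0].ldapUrl=ldaps://ldap.example.org
cas.authn.ldap[0].bindDn=cn=read-only-admin,dc=example,dc=com
cas.authn.ldap[0].bindCredential=password
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].userFilter=uid={user}

cas.authn.ldap[1].ldapUrl=ldap://ldap.example.net/
cas.authn.ldap[1].baseDn=ou=people,dc=example,dc=net
cas.authn.ldap[1].bindDn=uid=svc-cas,ou=service,dc=example,dc=net
cas.authn.ldap[1].bindCredential=s3cret-from-vault
cas.authn.ldap[1].searchFilter=uid={user}
cas.authn.ldap[1].useStartTls=true
cas.authn.ldap[1].trustCertificates=file:/etc/cas/ldap-ca.pem
"""

if __name__ == "__main__":
    for idx, findings in lint(SAMPLE).items():
        print(f"cas.authn.ldap[{idx}]: {'ok' if not findings else ''}")
        for code, msg in findings:
            print(f"  [{code}] {msg}")
```

Run it against a real cas.properties by replacing SAMPLE with the file contents; the codes are stable strings so the check can be wired into a CI step. The rules are deliberately conservative: they flag what the thread itself identified as missing or unsafe and do not try to model the full CAS property schema.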