CAS Authentication using multiple Ldap Servers


rheman puewe

May 16, 2017, 1:38:34 AM
to CAS Community
Hello everyone.

I am using CAS 4.1.x and I want to know how to set up CAS authentication using multiple LDAP servers.

Best regards

Andrew Morgan

May 16, 2017, 11:54:46 AM
to 'rheman puewe' via CAS Community
Multiple LDAP servers can be specified in the ldap.url setting by
separating them with spaces. For example:

ldap://directory-1.ldaptive.org ldap://directory-2.ldaptive.org

This is covered in the ldaptive documentation. Look at the "URLs &
Connection Strategies" section of:

http://www.ldaptive.org/docs/guide/connections.html


Andy

rheman puewe

May 17, 2017, 2:35:41 AM
to cas-...@apereo.org
Thanks a lot, but the baseDN, managerDN and managerPassword are different in my two LDAP servers. What am I supposed to do with the following attributes?

ldap.authn.baseDn
ldap.authn.managerDN
ldap.authn.managerPassword
ldap.baseDn

Best regards

Vincent N.

May 17, 2017, 4:23:44 AM
to CAS Community
It's possible. The idea is to configure the different LDAPs in the deployerConfigContext.xml. Example /WEB-INF/deployerConfigContext.xml:

    <!-- CAS Authentication -->
    <util:map id="authenticationHandlersResolvers">
        <!-- First Active Directory -->
        <entry key-ref="FirstLdapAuthenticationHandler" value-ref="profileResolver" />

        <!-- Second Active Directory -->
        <entry key-ref="SecondLdapAuthenticationHandler" value-ref="profileResolver" />

        <!-- "local" OpenLDAP -->
        <entry key-ref="LocalLdapAuthenticationHandler" value="#{null}" />
    </util:map>

    <alias name="personDirectoryPrincipalResolver" alias="profileResolver" />


You can then create one XML configuration file per LDAP. For example:
/WEB-INF/spring-configuration/firstAD.xml
/WEB-INF/spring-configuration/secondAD.xml
/WEB-INF/spring-configuration/localOpenldap.xml


To be consistent with this approach, you can then comment out every ldap.xxx line in the cas.properties file, and create one properties file per configuration. For example:
firstAD.properties
secondAD.properties
localOpenldap.properties


Of course, each variable declared in these files must be unique throughout these files, for example:
firstAD.properties => ldap-firstad.url=ldap://myfirstADdomain:389
secondAD.properties => ldap-secondad.url=ldap://mysecondADdomain:389
localOpenldap.properties => ldap-localopenldap.url=ldap://mylocalldapdomain:389


and these variables must be used in the corresponding XML files. Example in /WEB-INF/spring-configuration/firstAD.xml:

<bean id="abstractConnectionConfig" abstract="true"
      class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="${ldap-firstad.url}"
      p:connectTimeout="${ldap-firstad.connectTimeout}"
      p:useStartTLS="${ldap-firstad.useStartTLS}"
      p:sslConfig-ref="sslConfig" />




Finally, you need to reference these property files in the /WEB-INF/spring-configuration/propertyFileConfiguration.xml. For example:

    <bean id="casProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
        <property name="locations">
            <list>
                <value>${cas.properties.config.location:classpath:cas.properties}</value>
                <value>${firstAD.properties.config.location:classpath:firstAD.properties}</value>
                <value>${secondAD.properties.config.location:classpath:secondAD.properties}</value>
                <value>${localOpenldap.properties.config.location:classpath:localOpenldap.properties}</value>
            </list>
        </property>
    </bean>


The variables 'xxxxx.properties.config.location' allow you to set the files' full paths using the environment variables, e.g. by setting -DfirstAD.properties.config.location=/var/CAS/firstAD.properties in the Tomcat $CATALINA_BASE/setenv file. Of course, you can still put these files in the classpath, which is the default configuration.


And that's all !
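A complete per-directory file in the layout Vincent describes, added here as an example that is not from the thread or from the CAS project: a hypothetical /WEB-INF/spring-configuration/firstAD.xml for CAS 4.1.x, following the search-then-bind LDAP handler wiring used in the CAS 4.1 documentation (org.jasig.cas.authentication.LdapAuthenticationHandler over ldaptive). The ldap-firstad.* property keys, the hostnames, DNs and the cas-bind service account are placeholders. It also picks up Andy's point: ldap-firstad.url lists two servers of the same directory, space-separated, for failover within that directory.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- /WEB-INF/spring-configuration/firstAD.xml  (added example; all names hypothetical)

     Every bean id carries the "firstAd" prefix. Spring 4 allows a later file to
     override an earlier bean definition with the same id (it only logs it), so a
     secondAD.xml that reused "abstractConnectionConfig" would quietly point both
     handlers at the same directory.

     Keys expected in firstAD.properties (placeholder values):
       ldap-firstad.url=ldaps://dc1.first.example:636 ldaps://dc2.first.example:636
       ldap-firstad.connectTimeout=3000
       ldap-firstad.useStartTLS=false
       ldap-firstad.trustedCert=file:/etc/cas/first-ad-ca.pem
       ldap-firstad.baseDn=OU=Users,DC=first,DC=example
       ldap-firstad.searchFilter=(sAMAccountName={user})
       ldap-firstad.managerDN=CN=cas-bind,OU=Service,DC=first,DC=example
       ldap-firstad.managerPassword=change-me
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- The handler referenced from authenticationHandlersResolvers in deployerConfigContext.xml -->
    <bean id="FirstLdapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="sAMAccountName"
          c:authenticator-ref="firstAdAuthenticator">
        <property name="principalAttributeMap">
            <map>
                <entry key="displayName" value="displayName" />
                <entry key="mail" value="mail" />
            </map>
        </property>
    </bean>

    <!-- Resolve the user's DN with the manager account, then bind as the user -->
    <bean id="firstAdAuthenticator" class="org.ldaptive.auth.Authenticator"
          c:resolver-ref="firstAdDnResolver"
          c:handler-ref="firstAdBindHandler" />

    <bean id="firstAdDnResolver" class="org.ldaptive.auth.SearchDnResolver"
          p:baseDn="${ldap-firstad.baseDn}"
          p:subtreeSearch="true"
          p:allowMultipleDns="false"
          p:userFilter="${ldap-firstad.searchFilter}"
          p:connectionFactory-ref="firstAdSearchConnectionFactory" />

    <bean id="firstAdBindHandler" class="org.ldaptive.auth.BindAuthenticationHandler"
          p:connectionFactory-ref="firstAdBindConnectionFactory" />

    <!-- Connection settings shared by search and bind connections of THIS directory.
         The manager password and every user password cross these connections, so
         the URL is ldaps:// (or useStartTLS=true) and the CA bundle is pinned. -->
    <bean id="firstAdAbstractConnectionConfig" abstract="true"
          class="org.ldaptive.ConnectionConfig"
          p:ldapUrl="${ldap-firstad.url}"
          p:connectTimeout="${ldap-firstad.connectTimeout}"
          p:useStartTLS="${ldap-firstad.useStartTLS}"
          p:sslConfig-ref="firstAdSslConfig" />

    <bean id="firstAdSslConfig" class="org.ldaptive.ssl.SslConfig">
        <property name="credentialConfig">
            <bean class="org.ldaptive.ssl.X509CredentialConfig"
                  p:trustCertificates="${ldap-firstad.trustedCert}" />
        </property>
    </bean>

    <!-- Search connections authenticate as this directory's own manager account -->
    <bean id="firstAdSearchConnectionConfig" parent="firstAdAbstractConnectionConfig"
          p:connectionInitializer-ref="firstAdBindInitializer" />

    <bean id="firstAdBindInitializer" class="org.ldaptive.BindConnectionInitializer"
          p:bindDn="${ldap-firstad.managerDN}">
        <property name="bindCredential">
            <bean class="org.ldaptive.Credential"
                  c:password="${ldap-firstad.managerPassword}" />
        </property>
    </bean>

    <bean id="firstAdSearchConnectionFactory" class="org.ldaptive.DefaultConnectionFactory"
          p:connectionConfig-ref="firstAdSearchConnectionConfig" />

    <!-- Bind connections carry no initializer: the resolved DN and the user's own
         password are used for the bind that actually authenticates the user -->
    <bean id="firstAdBindConnectionConfig" parent="firstAdAbstractConnectionConfig" />

    <bean id="firstAdBindConnectionFactory" class="org.ldaptive.DefaultConnectionFactory"
          p:connectionConfig-ref="firstAdBindConnectionConfig" />
</beans>
```

secondAD.xml and localOpenldap.xml follow the same shape with their own prefix, their own baseDn, managerDN and managerPassword keys, and their own trusted CA. Two points worth checking before going live: with the default CAS 4.1 authentication policy (AnyAuthenticationPolicy), a login succeeds as soon as one handler accepts the credentials, so an account that is disabled in one directory but still valid in another still gets in; and the handlers are tried in the order the map lists them, so a user name that exists in more than one directory is authenticated against whichever directory accepts it first, not necessarily the one the user expects.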

rheman puewe

May 17, 2017, 10:38:31 AM
to cas-...@apereo.org
Thanks a lot. I am working on it now
