On Wed, May 18, 2022 at 4:23 PM Carl Waldbieser <waldb...@lafayette.edu>
wrote:

> If I have an entry and an alias in an OpenLDAP DIT such that searching on
> "alias" dereferences "entry", is it possible to configure CAS to perform a
> 2 stage BIND in this way?
>
> I.e.
>
>
>    1. User enters "alias" and password at the CAS login form.
>    2. CAS searches the DIT with LDAP base "uid=alias,ou=aliases,o=myorg"
>    and a filter like "(objectClass=*)".
>    3. The actual entry dereferenced has DN
>    "uid=entry,ou=somedepartment,o=myorg".
>    4. CAS attempts a BIND against this DN with the provided password.
>
>
It sounds like you need to set derefAliases to something other than the
default (NEVER).

https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties-Common.html#ldap-authenticationsearch-settings

--Daniel Fisher
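
An added example, not from the thread and not CAS or ldaptive code: a small in-memory model of the RFC 4511 alias-dereferencing modes, applied to the base-object search from the question, to show which derefAliases values make step 2 return the real entry's DN for the BIND. It also covers a subtree search, which goes slightly beyond the case in the question; the entry attributes and the names `resolve`, `search` and `bind_dn` are assumptions made for the illustration.

```python
# Toy in-memory model of RFC 4511 derefAliases handling; not CAS or ldaptive code.
# DNs come from the question; the entries' attributes are constructed.
DIT = {
    "o=myorg": {"objectClass": ["organization"]},
    "ou=aliases,o=myorg": {"objectClass": ["organizationalUnit"]},
    "ou=somedepartment,o=myorg": {"objectClass": ["organizationalUnit"]},
    "uid=alias,ou=aliases,o=myorg": {
        "objectClass": ["alias"],
        "aliasedObjectName": ["uid=entry,ou=somedepartment,o=myorg"],
    },
    "uid=entry,ou=somedepartment,o=myorg": {
        "objectClass": ["inetOrgPerson"], "uid": ["entry"],
    },
}

def resolve(dn):
    """Follow aliasedObjectName to a non-alias entry; reject loops and dangling aliases."""
    seen = set()
    while "alias" in DIT[dn]["objectClass"]:
        if dn in seen:
            raise LookupError("alias loop at " + dn)
        seen.add(dn)
        dn = DIT[dn]["aliasedObjectName"][0]
        if dn not in DIT:
            raise LookupError("alias points at missing entry " + dn)
    return dn

def search(base, scope, deref, matches=lambda attrs: True):
    """Return the DNs a search yields; deref is NEVER, SEARCHING, FINDING or ALWAYS."""
    if base not in DIT:
        return []
    if deref in ("FINDING", "ALWAYS"):
        base = resolve(base)      # aliases are followed while locating the base object
    if scope == "base":
        hits = [base]             # SEARCHING does not apply to the base object itself
    else:                         # "subtree"
        hits = [dn for dn in DIT if dn == base or dn.endswith("," + base)]
        if deref in ("SEARCHING", "ALWAYS"):
            # Simplification: aliases below the base are replaced by their targets;
            # continuing into a target's own subtree is not modelled.
            hits = list(dict.fromkeys(d if d == base else resolve(d) for d in hits))
    return [dn for dn in hits if matches(DIT[dn])]

def bind_dn(username, deref):
    """Steps 2-4 of the question: the DN the BIND would be attempted against."""
    found = search("uid=%s,ou=aliases,o=myorg" % username, "base", deref)
    return found[0] if found else None
```

For the search shape in the question (the alias DN itself as the base), the model returns the alias entry under NEVER and SEARCHING and the real entry under FINDING and ALWAYS.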
