CAS for Multi-Domain Services

Wed Nov 14 17:44:29 EST 2007

We had
the same problem here at Alcorn.  Our F/S accounts are in Active Directory
and Student accounts are in OpenLDAP.  A typical dn for a student would be
uid=desmond,ou=people,dc=mail,dc=alcorn,dc=edu and for F/S (on AD) would be
CN=desmond, OU=CITS, OU=User Accounts, DC=alcorn, DC=edu.

The way
we solved that problem was to setup OpenLDAP as a meta server and presented the
information to CAS a merged LDAP tree.

The F/S
dn would stay the same, but a student would be translated to uid=desmond,
OU=STUDENTS, OU=User Accounts, DC=alcorn, DC=edu

We also translated the F/S mail field to UID field because f/s use thier
email as thier login (legacy stuff).

This
approach also eliminated a problem we had with assigning roles in Blackboard
also

Desmond
Stewart

> I recently attended the JA-Sig Unconference and it was great. I enjoyed 

> learning the direction that uPortal and CAS were going. As I am new to both

> applications, I have a few questions that I hope someone here can help me

> with. 

> 

> First, we have successfully configured CAS to work with our LDAP server
(for 

> the sake of future argument, let's call this LDAP1) and with a single 

> service. 

> The problem is that we need to configure CAS to work with a secondary LDAP

> source (LDAP2) that has a completely different user naming convention than

> LDAP1. All services are already using the same user naming convention as 

> LDAP1. 

> 

> I can easily setup a MySQL db to define the mapping between the LDAP2 

> username and the appropriate service username. However, how would I 

> configure CAS to authenticate using LDAP2 username, then query the db to 

> retrieve the correct username, and then pass it to the appropriate service?

> 

> Any direction on this is greatly appreciate! 

> Thanks, 

> -Anson 

> _______________________________________________ 

> Yale CAS mailing list 

> cas at tp.its.yale.edu 

> http://tp.its.yale.edu/mailman/listinfo/cas 

> 