CAS & LDAP
Matthew Jones
matthew.jones at interactivedata.com
Thu Jul 24 10:07:18 EDT 2008
O.K. This is all a bit of a beginner's question so be gentle with me.
First let me say I am not really familiar with CAS, Tomcat or even Java.
I seem to have (had) a working CAS server with the default simple
authenticator set-up and I am trying to make it work with our LDAP
server. So I have been following the LDAP Authentication Handler
instructions to set up my CAS instance to authenticate using our
OpenLDAP server and am getting a little confused.

Our organisation has bought a product that supports CAS for central
authentication and we are trying to produce an Intranet with SSO that
accesses this product. Thus, we are looking at using CAS as our SSO
technology. We already have OpenLDAP installed (although this is another
area of non-expertise on my part - just don't ask why I've got this job
at all!) and it is set up to be suitable for use by the
FastBindLdapAdaptor, i.e. authenticate by binding to LDAP using the
user's credentials.

Now, I see that I should have an AuthenticatedLdapContextSource bean
configured but this has parameters (property) such as userName and
Password. Given that these values should come from the CAS login screen
what should I put here?

These are all very basic questions but ones that I can't seem to figure
out. Some of the mailing list archives mention similar things and then
seem to say that you put the "correct" values in for userName &
password. However, I think these relate to the alternative LDAP
accessors where the directory is browsed either anonymously or not for
the user in question before performing the authentication.

Maybe I have got the wrong end of the stick altogether but I thought
that using the bind directly to LDAP ought to be the simplest form of
LDAP authentication. However, when username & password are mentioned I
get confused. The configuration file (and some posts) mention the
UsernamePasswordCredentialsToPrincipalResolver and a produced
SimplePrincipal instance. Should I be making use of these and if so how?

Sorry for the very basic nature of these questions but it isn't obvious
to me what I should be trying to do.

Thanks
--
Matthew Jones
Interactive Data Managed Solutions Ltd
-----------------------------------------------------------------------
Registered in England Company Number 3691868
Registered Office: Suite 1101 Eagle Tower | Montpellier Drive |
Cheltenham | Gloucestershire | GL50 1TA
Tel: +44 (0)1242 694133 | Fax: +44 (0)1242 694109
matthew.jones at interactivedata.com
http://www.interactivedata-ms.com/694133
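
The direct-bind ("fast bind") approach described in the message above, as an added example that is not part of the original post and is not CAS code: the name typed on the login form is substituted into a DN template and the directory is asked to bind as that DN with the submitted password. The DN template, the `%u` placeholder, the directory layout and the `fake_directory_bind` stand-in are assumptions made for illustration.

```python
# Added example: direct-bind ("fast bind") login logic, not CAS code.
# DN template, %u placeholder and the fake directory are assumptions.
DN_TEMPLATE = "uid=%u,ou=people,dc=example,dc=com"


def escape_rdn_value(value: str) -> str:
    """Escape a login name for use as an RDN value (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bind_dn_for(username: str, template: str = DN_TEMPLATE) -> str:
    """Build the DN to bind as from what was typed on the login form."""
    return template.replace("%u", escape_rdn_value(username))


def authenticate(username: str, password: str, bind) -> bool:
    """Return True only if the directory accepts a bind as this user."""
    # An empty password turns a simple bind into an "unauthenticated
    # bind" (RFC 4513, 5.1.2), which a server may report as success,
    # so refuse it before contacting the directory.
    if not username or not password:
        return False
    return bool(bind(bind_dn_for(username), password))


def fake_directory_bind(dn: str, password: str) -> bool:
    """Constructed stand-in for an LDAP simple bind (no network)."""
    users = {"uid=alice,ou=people,dc=example,dc=com": "s3cret"}
    return password == "" or users.get(dn) == password


if __name__ == "__main__":
    for user, pw in [("alice", "s3cret"), ("alice", ""), ("alice,ou=admins", "x")]:
        print(repr(user), "->", bind_dn_for(user), authenticate(user, pw, fake_directory_bind))
```

In a real deployment the `bind` callable would wrap the LDAP client's simple bind over TLS; the escaping and the empty-password check stay the same.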