CAS & LDAP
Michael Ströder
michael at stroeder.com
Thu Jul 24 14:23:40 EDT 2008
Scott Battaglia wrote:
> On Thu, Jul 24, 2008 at 1:24 PM, Michael Ströder <michael at stroeder.com> wrote:
>
> Matthew Jones wrote:
> > We already have OpenLDAP installed (although this is another
> > area of non-expertise on my part - just don't ask why I've got this job
> > at all!) and it is set up to be suitable for use by the
> > FastBindLdapAdaptor, i.e. authenticate by binding to LDAP using the
> > user's credentials.
>
> LDAP Fast bind is a proprietary feature of MS AD. It likely won't work
> with OpenLDAP.
>
> We've used Fast Bind with Sun's LDAP server. Same name for different
> things?

Maybe Sun implemented that too. I can't check at the moment. But it
makes no sense with OpenLDAP.

AFAIK in MS AD nested group membership is resolved when doing a normal
simple bind and put into an attribute 'tokenGroups'. This is bad for
performance, hence the "fast bind".

Further reading:
http://msdn.microsoft.com/en-us/library/aa367028.aspx

Ciao, Michael.