combining multiple ldap directories
Romain BOURGUE
romain.bourgue at agriculture.gouv.fr
Fri Mar 14 09:13:54 EDT 2008
CAS3 is structured to separate authentication from populating user attributes.
Your authentication should rely on an LDAPAuthenticationHandler plugged to AD
(see http://www.ja-sig.org/wiki/display/CASUM/LDAP ) and populating the
principal should rely on CredentialsToLDAPAttributePrincipalResolver plugged to
your OpenLDAP (see http://www.ja-sig.org/wiki/display/CASUM/Attributes ).
Romain
Kevin Foote wrote:
> Hi all
> I'm interested in finding out if CAS3 is able to meld separate ldap
> directories together upon one successful authentication.
>
> Here is my basis of needing this. We use MSAD for our authn functions.
> This ldap directory contains very little attribute data about a given
> EID. (NO first, last, email, etc etc) However we do store group info
> in the MemberOf field which I would need to parse out to get a user
> type.
> Our second ldap (openldap) stores all the user attributes for a given
> user first, last, email, address, phone etc etc. .. NO group
> membership, NO authn capabilities.
>
> I believe shibboleth can do something like this .. joining of
> separate directories. I'm wondering if CAS3 can do this alone at its
> present state.
>
> From the user perspective the authn would happen and then all their
> current attributes would be populated behind the scene using both of
> the ldap directories.
>
> Is this doable?
>
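
The two-step flow discussed in this thread, as an added Python model that is not CAS code and not from either poster: the credential check touches only the authentication directory, and attributes are resolved afterwards for the same EID from both directories, with the user type derived from `memberOf`. The directory contents, the `userType` attribute name and the group-to-type mapping are constructed assumptions.

```python
import hmac

# Constructed stand-ins for the two directories; all names and values are hypothetical.
AD = {"jdoe": {"password": "s3cret",   # stands in for an LDAP bind against AD
               "memberOf": ["CN=Smith\\, Lab,OU=Groups,DC=example,DC=edu",
                            "CN=Staff,OU=Groups,DC=example,DC=edu"]}}
OPENLDAP = {"jdoe": {"givenName": "Jane", "sn": "Doe", "mail": "jdoe@example.edu"}}
GROUP_TO_TYPE = {"Staff": "staff", "Students": "student"}  # allowlist of known groups

def leading_cn(dn):
    """CN value of the first RDN of a DN string, honouring RFC 4514 escapes."""
    raw, i = bytearray(), 0
    while i < len(dn) and dn[i] != ",":          # an unescaped comma ends the RDN
        if dn[i] == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in "0123456789abcdefABCDEF" for c in pair):
                raw.append(int(pair, 16))        # \XX is one hex-escaped byte
                i += 3
            else:
                raw += dn[i + 1].encode()        # \, \+ \" and similar
                i += 2
        else:
            raw += dn[i].encode()
            i += 1
    attr, _, value = raw.decode("utf-8").partition("=")
    return value if attr.strip().lower() == "cn" else None

def authenticate(eid, password):
    """Step 1: the credential check consults only the authn directory."""
    entry = AD.get(eid)
    return entry is not None and hmac.compare_digest(
        entry["password"].encode(), password.encode())

def resolve_principal(eid):
    """Step 2: attributes for an already-authenticated EID, from both directories."""
    attrs = dict(OPENLDAP.get(eid, {}))          # profile data, joined on the same EID
    cns = [leading_cn(dn) for dn in AD[eid]["memberOf"]]
    # Groups outside the allowlist are ignored rather than passed through.
    attrs["userType"] = sorted({GROUP_TO_TYPE[c] for c in cns if c in GROUP_TO_TYPE})
    return attrs

def login(eid, password):
    """Attributes are resolved only after authentication succeeds."""
    return resolve_principal(eid) if authenticate(eid, password) else None
```

Splitting a `memberOf` value on every comma would return `CN=Smith\` for the first group above, which is why the parser walks the escapes.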