Dashboard > CAS User Manual > Home > Authentication > Active Directory
Log In   View a printable version of the current page.
CAS User Manual
Active Directory
Browse Space    
Added by David Durr , last edited by Scott Battaglia on Jan 04, 2008  (view change)
Labels: 


To authenticate users to MS Active Directory both the LDAP interface and the Kerberos interface can be used. See the relevant sections in this manual for more details:

The advantage of configuring SPNEGO is that users that are logged in to the AD domain will be logged in automatically at CAS, without any interaction asking for the password yet again. Note that this may not be desirable.

Example Configuration for FastBind and Active Directory

<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" >
   <property name="filter" value="%u@domainname.tld" />
   <property name="contextSource" ref="contextSource" />
   <property name="ignorePartialResultException" value="yes" />
</bean>

<bean id="contextSource"
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
   <property name="urls">
       <list>
           <value>ldap://adserver</value>
       </list>
   </property>
</bean>

The example uses something called User Principal Name (UPN) in filter. The full Distinguished Name (DN) was CN=LastName\,
FirstName,OU=Users,DC=domainname,DC=tld.
Powered by a free Atlassian Confluence Open Source Project License granted to Java Architectures Special Interest Group. Evaluate Confluence today.
Powered by Atlassian Confluence 2.7.3, the Enterprise Wiki. Bug/feature request - Atlassian news - Contact administrators