LDAP Attribute Resolution
The following configuration describes how to fetch and retrieve attributes from LDAP attribute repositories.
The following settings and properties are available from the CAS configuration catalog:
cas.authn.attribute-repository.ldap[0].base-dn=
Base DN to use.
There may be scenarios where different parts of a single LDAP tree could be considered as base-dns. Rather than duplicating the LDAP configuration block for each individual base-dn, each entry can be specified and joined together using a special delimiter character. The user DN is retrieved using the combination of all base-dn and DN resolvers in the order defined. DN resolution should fail if multiple DNs are found. Otherwise the first DN found is returned.
Usual syntax is:

cas.authn.attribute-repository.ldap[0].bind-credential=
The bind credential to use when connecting to LDAP.

cas.authn.attribute-repository.ldap[0].bind-dn=
The bind DN to use when connecting to LDAP. LDAP connection configuration injected into the LDAP connection pool can be initialized with the following parameters:

cas.authn.attribute-repository.ldap[0].ldap-url=
The LDAP URL to the server. More than one may be specified, separated by space and/or comma.

cas.authn.attribute-repository.ldap[0].search-filter=
User filter to use for searching.
Syntax is file:/path/to/GroovyScript.groovy to fully build the final filter template dynamically.

cas.authn.attribute-repository.ldap=
Retrieve attributes from multiple LDAP servers.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.case-change.attribute-name-case-change=
The Attribute name case change.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.case-change.attribute-names=
The Attribute names.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.case-change.attribute-value-case-change=
The Attribute value case change.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.case-change.dn-case-change=
The Dn case change.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.dn-attribute.add-if-exists=
The Add if exists.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.dn-attribute.dn-attribute-name=entryDN
The Dn attribute name.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.merge-attribute.attribute-names=
The Attribute names.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.merge-attribute.merge-attribute-name=
The Merge attribute name.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.primary-group-id.base-dn=
The Base dn.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.primary-group-id.group-filter=(&(objectClass=group)(objectSid={0}))
The Group filter.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.recursive.merge-attributes=
The Merge attributes.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.recursive.search-attribute=
The Search attribute.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.search-referral.limit=10
The default referral limit.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.search-result.limit=10
The default referral limit.

cas.authn.attribute-repository.ldap[0].search-entry-handlers.type=
The type of search entry handler to choose. Available values are as follows:

cas.authn.attribute-repository.ldap[0].validator.attribute-name=objectClass
Attribute name to use for the compare validator.
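A pre-deployment check over the connection settings listed above, as an added example that is not part of CAS or its documentation: it groups ldap[N] entries by index, splits a multi-valued ldap-url on space and/or comma, and reports gaps per repository. The sample properties are constructed, and the choice of mandatory settings and the {user}/{0} placeholder test are assumptions of this example.

```python
import re

# Constructed sample cas.properties content (hosts, DNs and values are made up).
SAMPLE = """\
cas.authn.attribute-repository.ldap[0].ldap-url=ldaps://ldap1.example.org ldaps://ldap2.example.org
cas.authn.attribute-repository.ldap[0].base-dn=ou=people,dc=example,dc=org
cas.authn.attribute-repository.ldap[0].bind-dn=cn=cas,ou=svc,dc=example,dc=org
cas.authn.attribute-repository.ldap[0].bind-credential=constructed-secret
cas.authn.attribute-repository.ldap[0].search-filter=uid={user}
cas.authn.attribute-repository.ldap[1].ldap-url=ldap://legacy.example.org,ldaps://ldap3.example.org
cas.authn.attribute-repository.ldap[1].bind-dn=cn=cas,ou=svc,dc=example,dc=org
cas.authn.attribute-repository.ldap[1].search-filter=(objectClass=person)
"""

KEY = re.compile(r"^cas\.authn\.attribute-repository\.ldap\[(\d+)\]\.([\w.-]+)=(.*)$")

def parse(text):
    """Group settings by repository index: {0: {"ldap-url": "..."}, 1: {...}}."""
    repos = {}
    for line in text.splitlines():
        m = KEY.match(line.strip())
        if m:
            repos.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return repos

def check(text):
    """Return (index, finding) tuples, ordered by repository index."""
    findings = []
    for idx, cfg in sorted(parse(text).items()):
        # Assumption of this example: these three must be non-empty.
        for name in ("ldap-url", "base-dn", "search-filter"):
            if not cfg.get(name):
                findings.append((idx, f"{name} is not set"))
        # ldap-url may hold several servers separated by space and/or comma.
        for url in re.split(r"[\s,]+", cfg.get("ldap-url", "")):
            if url and not url.lower().startswith("ldaps://"):
                findings.append((idx, f"{url} is not ldaps://, confirm TLS is enforced another way"))
        # A bind DN without a credential (or the reverse) is a half-configured bind.
        if bool(cfg.get("bind-dn")) != bool(cfg.get("bind-credential")):
            findings.append((idx, "bind-dn and bind-credential are not set together"))
        # Assumption: a filter names the user via {user} or {0}, or is a file: script.
        flt = cfg.get("search-filter", "")
        if flt and not flt.startswith("file:") and not re.search(r"\{(user|0)\}", flt):
            findings.append((idx, "search-filter has no {user} or {0} placeholder"))
    return findings

if __name__ == "__main__":
    for idx, finding in check(SAMPLE):
        print(f"ldap[{idx}]: {finding}")
```

Run against the constructed sample, repository 0 passes and repository 1 yields four findings.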