How to use "OpenLDAP"?

Time: 2016-07-26 14:48:41

Tags: cas openldap

I followed what the documentation says about setting up LDAP authentication in CAS (https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html).

The CAS server is currently running, but I cannot create a user that can log in with LDAP credentials. I am using JXplorer to add users, and I added this to deployerConfigContext.xml:

<ldaptive:bind-search-authenticator id="authenticator"
        ldapUrl="${ldap.url}"
        baseDn="${ldap.baseDn}"
        userFilter="${ldap.authn.searchFilter}"
        bindDn="${ldap.managerDn}"
        bindCredential="${ldap.managerPassword}"
        connectTimeout="${ldap.connectTimeout}"
        useStartTLS="${ldap.useStartTLS}"
        blockWaitTime="${ldap.pool.blockWaitTime}"
        maxPoolSize="${ldap.pool.maxSize}"
        allowMultipleDns="${ldap.allowMultipleDns:false}"
        usePasswordPolicy="${ldap.usePpolicy:false}"
        minPoolSize="${ldap.pool.minSize}"
        validateOnCheckOut="${ldap.pool.validateOnCheckout}"
        validatePeriodically="${ldap.pool.validatePeriodically}"
        validatePeriod="${ldap.pool.validatePeriod}"
        idleTime="${ldap.pool.idleTime}"
        prunePeriod="${ldap.pool.prunePeriod}"
        failFastInitialize="true"
        subtreeSearch="${ldap.subtree.search:true}"
        useSSL="${ldap.use.ssl:false}"
    />

Then I added this to the cas.properties file:

#========================================
# General properties
#========================================
ldap.url=ldap://myip:389

# Start TLS for SSL connections
ldap.useStartTLS=false

# Directory root DN
# ldap.rootDn=dc=com

# Base DN of users to be authenticated
ldap.baseDn=ou=people,dc=maxcrc,dc=com

# LDAP connection timeout in milliseconds
ldap.connectTimeout=3000

# Manager credential DN
ldap.managerDn=cn=Manager,dc=maxcrc,dc=com

# Manager credential password
ldap.managerPassword=secret
#========================================
# LDAP connection pool configuration
#========================================
ldap.pool.minSize=1
ldap.pool.maxSize=10
ldap.pool.validateOnCheckout=false
ldap.pool.validatePeriodically=true

# Amount of time in milliseconds to block on pool exhausted condition
# before giving up.
ldap.pool.blockWaitTime=3000

# Frequency of connection validation in seconds
# Only applies if validatePeriodically=true
ldap.pool.validatePeriod=300

# Attempt to prune connections every N seconds
ldap.pool.prunePeriod=300

# Maximum amount of time an idle connection is allowed to be in
# pool before it is liable to be removed/destroyed
ldap.pool.idleTime=600

#========================================
# Authentication
#========================================
ldap.authn.searchFilter=cn={user}

# Ldap domain used to resolve dn
ldap.domain=example.org

# Should LDAP Password Policy be enabled?
ldap.usePpolicy=false

# Allow multiple DNs during authentication?
ldap.allowMultipleDns=false

Now, I cannot find any information on how to create a user in LDAP for CAS. Yes, I see some attributes that seem legitimate. So I created an organizationalPerson in JXplorer. I set a password and tried to log in with the username (cn=...). But, as I expected, this does not work.

Is there any information on what CAS actually expects from LDAP? There must be some kind of guideline. The cas.properties comment says "Base DN of users to be authenticated", but how does CAS know which attributes the user has, or does it even need to know?

So, to summarize my question: how do I create a user in LDAP, or what should a user look like? And how do I tell CAS (deployerConfigContext.xml) about my LDAP server?

1 answer:

Answer 0 (score: 1)

CAS does not care about your LDAP schema as long as you describe it correctly in the configuration. CAS is also not an LDAP server and will never populate an LDAP server and/or create a schema.
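As an added example that is not part of the original question or answer, and not code from the CAS or ldaptive projects, the script below shows what the poster's bind-search-authenticator actually does with the values in cas.properties (bind as the manager, search baseDn with cn={user}, then bind again as the DN found with the user's password) and what a user entry has to look like for that filter to find it. The connection values are taken from the poster's configuration; the helper names (escape_filter_value, build_user_filter, user_ldif, bind_search_authenticate) are my own, and the live bind step assumes the ldap3 package and a reachable server.

```python
# Added example (not from the original post, CAS or ldaptive): how the
# bind-search authenticator resolves a user, and an entry that matches it.
import re

# Values taken from the poster's cas.properties
LDAP_URL = "ldap://myip:389"
BASE_DN = "ou=people,dc=maxcrc,dc=com"
MANAGER_DN = "cn=Manager,dc=maxcrc,dc=com"
MANAGER_PASSWORD = "secret"
SEARCH_FILTER = "cn={user}"

# RFC 4515 escaping for an assertion value placed inside a search filter.
# Ldaptive escapes {user} before substitution; doing it here keeps a login
# name containing '*' or ')' from changing the meaning of the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template: str, username: str) -> str:
    """Substitute {user} the way the authenticator does and wrap in parentheses."""
    filt = template.replace("{user}", escape_filter_value(username))
    return filt if filt.startswith("(") else "(" + filt + ")"


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for an attribute value used inside an RDN."""
    escaped = re.sub(r'([,+"\\<>;=])', r"\\\1", value)
    if escaped.startswith((" ", "#")):
        escaped = "\\" + escaped
    if escaped.endswith(" "):
        escaped = escaped[:-1] + "\\ "
    return escaped


def user_ldif(cn: str, sn: str, uid: str, password: str) -> str:
    """LDIF for an inetOrgPerson under baseDn that the filter cn={user} locates.

    inetOrgPerson extends organizationalPerson (the class the poster used), so
    cn and sn stay mandatory; userPassword is what the second bind is checked
    against. Load it with: ldapadd -x -D "cn=Manager,dc=maxcrc,dc=com" -W -f user.ldif
    """
    dn = "cn=%s,%s" % (escape_dn_value(cn), BASE_DN)
    return "\n".join([
        "dn: " + dn,
        "objectClass: inetOrgPerson",
        "cn: " + cn,
        "sn: " + sn,
        "uid: " + uid,
        # slapd stores this value as given; pre-hash it with slappasswd ({SSHA}...)
        "userPassword: " + password,
        "",
    ])


def bind_search_authenticate(username: str, password: str, url: str = LDAP_URL,
                             base_dn: str = BASE_DN, manager_dn: str = MANAGER_DN,
                             manager_pw: str = MANAGER_PASSWORD,
                             filter_template: str = SEARCH_FILTER,
                             allow_multiple_dns: bool = False) -> bool:
    """The two steps behind ldaptive's bind-search-authenticator.

    1. Bind as the manager and search base_dn (subtree) with the user filter.
    2. Bind again as the DN that was found, using the user's own password.
    Requires the ldap3 package and a reachable server; the empty-password
    check runs before any connection is opened.
    """
    # An empty password would be an unauthenticated simple bind (RFC 4513,
    # section 5.1.2), which servers may treat as anonymous, so refuse it first.
    if not password:
        return False
    import ldap3
    from ldap3.core.exceptions import LDAPBindError

    server = ldap3.Server(url, get_info=ldap3.NONE)
    with ldap3.Connection(server, user=manager_dn, password=manager_pw, auto_bind=True) as mgr:
        mgr.search(base_dn, build_user_filter(filter_template, username),
                   search_scope=ldap3.SUBTREE)  # subtreeSearch=true in the poster's config
        dns = [entry.entry_dn for entry in mgr.entries]
    # No match, or an ambiguous match with allowMultipleDns=false, is a failure.
    if not dns or (len(dns) > 1 and not allow_multiple_dns):
        return False
    for dn in dns:
        try:
            with ldap3.Connection(server, user=dn, password=password, auto_bind=True):
                return True  # the user's credentials bound successfully
        except LDAPBindError:
            continue
    return False


if __name__ == "__main__":
    print(user_ldif("alice", "Liddell", "alice", "{SSHA}placeholder-hash"))
    print(build_user_filter(SEARCH_FILTER, "alice"))
```

The point of the filter escaping is that the value substituted for {user} comes straight from the login form; with cn={user} the entry must be found by its cn, which is why the poster's login name has to equal the cn of the entry created in JXplorer, and why the entry has to sit below ou=people,dc=maxcrc,dc=com for a subtree search from that base to reach it.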