This repository has been archived by the owner on Nov 3, 2017. It is now read-only.

Configuring AuthenticationManager with BindLdapAuthenticationHandler

Dmitriy Kopylenko edited this page Jan 16, 2014 · 5 revisions

To configure an AuthenticationManager with all the default components and BindLdapAuthenticationHandler, use the following configuration element:

<cas:authentication-manager-with-bind-ldap-handler
        user-dn="user"
        password="pass"
        urls="ldaps://ldap1, ldaps://ldap2"
        filter="sAMAccountName=%u"
        search-base="OU=users"
        is-pooled="false"
        ignore-partial-result-exception="true">

    <cas:ldap-properties>
      <cas:ldap-prop key="com.sun.jndi.ldap.connect.timeout" value="3000"/>
      <cas:ldap-prop key="com.sun.jndi.ldap.read.timeout" value="3000"/>
      <cas:ldap-prop key="java.naming.security.authentication" value="simple"/>
      <cas:ldap-prop key="java.naming.referral" value="follow"/>
    </cas:ldap-properties>

</cas:authentication-manager-with-bind-ldap-handler>

In version 1.10

Version 1.10 introduces the ability to inject an attribute repository bean reference into the internally created UsernamePasswordCredentialsToPrincipalResolver by using the new optional attribute-repository-for-principal-resolver attribute, like so:

<cas:authentication-manager-with-bind-ldap-handler
    user-dn="user"
    password="pass"
    urls="ldaps://ldap1, ldaps://ldap2"
    filter="sAMAccountName=%u"
    search-base="OU=users"
    is-pooled="false"
    ignore-partial-result-exception="true"
    attribute-repository-for-principal-resolver="attributeRepository"/>

Version 1.10 also adds a way to expose the internally created LdapContextSource bean to the parent application context so that it can be injected into other beans that require it, for example an attribute repository that uses an LDAP directory. This is done by means of the new expose-context-source-bean-as attribute, like so:

<cas:authentication-manager-with-bind-ldap-handler
    user-dn="user"
    password="pass"
    urls="ldaps://ldap1, ldaps://ldap2"
    filter="sAMAccountName=%u"
    search-base="OU=users"
    is-pooled="false"
    ignore-partial-result-exception="true"
    attribute-repository-for-principal-resolver="attributeRepository"
    expose-context-source-bean-as="contextSource"/>
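
The two 1.10 attributes can be tied together by an attribute repository bean like the one below. This is an added example, not configuration from the original page or the project: it assumes the Jasig Person Directory `LdapPersonAttributeDao` commonly used with CAS 3.x, and the released attributes (`mail`, `memberOf`) are illustrative choices.

```xml
<!-- Added example. The bean id matches attribute-repository-for-principal-resolver,
     and the contextSource reference matches expose-context-source-bean-as
     in the element shown above. -->
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">

    <!-- Reuses the LdapContextSource created by the handler element, so attribute
         lookups use the same URLs, timeouts and service account (user-dn) as
         authentication. -->
    <property name="contextSource" ref="contextSource"/>

    <!-- Same subtree as search-base in the handler element. -->
    <property name="baseDN" value="OU=users"/>

    <!-- Do not run a query unless the username is present. -->
    <property name="requireAllQueryAttributes" value="true"/>

    <!-- Look the principal up by the same attribute the authentication filter uses. -->
    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="sAMAccountName"/>
        </map>
    </property>

    <!-- Assumption: only these attributes are needed downstream.
         Key = LDAP attribute, value = name exposed on the principal. -->
    <property name="resultAttributeMapping">
        <map>
            <entry key="mail" value="mail"/>
            <entry key="memberOf" value="memberOf"/>
        </map>
    </property>
</bean>
```

Because the exposed context source binds as the configured user-dn, every bean that references it queries the directory with that account's rights, so keeping the result mapping to the attributes actually required limits what is read and released.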