Login Procedure
The new OpenCms login procedure is as follows:
Module Parameters
...
Requirements
1. OpenCms authentication is handled by CAS + LDAP.
2. OpenCms authorization is handled by CAS + LDAP.
3. Support for OpenCms OUs.
4. CAS searches LDAP for groups and roles when validating, not when authenticating.
5. The validation URI can be customised; it is not limited to /serviceValidate.
6. Easy to extend to support CAS + DATABASE.
Environments
Tested on Fedora 10, OpenJDK 1.6.0, Tomcat 5.5.27, OpenCms 7.0.5, CAS 3.3.1, OpenLDAP 2.4.12.
Module Parameters
Module parameters for authentication handler:
Parameter | Description |
---|---|
Attribute | An expression that maps the username to an LDAP attribute, such as uid=%u@langhua.cn or cn=Shi Yusen. Default is uid=u%. |
AuthenType | The authentication type of the LDAP server. Default is simple. |
AuthenticationHandler | The handler that authenticates the user's login. Can be cn.langhua.opencms.ldap.cas.CmsCasAuthenticationHandler or cn.langhua.opencms.ldap.openldap.CmsLdapAuthenticationHandler. Default is the LDAP one. |
AutoUserRoleName | The default role given to a new user who is added according to the login server. If empty, the user is placed only in the User group, without any role. |
BaseDN | The base DN of the LDAP server, such as dc=example,dc=com. No default value. |
CasLoginUri | The URI for CAS login. Default is /login. |
CasUrl | The URL of the CAS server. Default is https://localhost:8443/cas. |
CasValidateUri | The URI for CAS validation. Default is /validate. |
Filter | The filter used to log in to the LDAP server. Default is (objectclass=*). |
Scope | The LDAP search scope. Default is sub, which searches the subtree below the BaseDN. |
URL | The URL of the LDAP server, ldap://localhost:389. |
UseCmsLoginWhenLDAPFail | Whether to use the OpenCms login instead when the LDAP connection or login fails. Default is true. |
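A review pass over these parameters before deployment, as an added example that is not part of the module or of the original page. The defaults are the ones documented above; the `audit` function, its checks and messages, and the sample configurations (hosts, role name, replacement filter) are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Defaults as documented in the parameter list above.
DEFAULTS = {"AuthenType": "simple", "AutoUserRoleName": "",
            "CasUrl": "https://localhost:8443/cas", "Filter": "(objectclass=*)",
            "URL": "ldap://localhost:389", "UseCmsLoginWhenLDAPFail": "true"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample configurations (hosts and role name are placeholders).
REMOTE = {"URL": "ldap://ldap.example.com:389",
          "CasUrl": "http://cas.example.com/cas",
          "AutoUserRoleName": "EXAMPLE_ROLE"}
HARDENED = {"URL": "ldaps://ldap.example.com:636",
            "CasUrl": "https://cas.example.com:8443/cas",
            "Filter": "(objectclass=inetOrgPerson)",
            "UseCmsLoginWhenLDAPFail": "false"}

def audit(params):
    """Return (parameter, finding) pairs for settings that merit review."""
    cfg = {**DEFAULTS, **params}          # unset parameters fall back to defaults
    findings = []
    ldap = urlparse(cfg["URL"])
    # A simple bind over plain ldap:// carries the password unencrypted.
    if (ldap.scheme.lower() == "ldap" and ldap.hostname not in LOOPBACK
            and cfg["AuthenType"].lower() == "simple"):
        findings.append(("URL", "simple bind to a remote host over ldap:// "
                                "is unencrypted; use ldaps://"))
    # CAS credentials and tickets travel over this URL.
    if urlparse(cfg["CasUrl"]).scheme.lower() != "https":
        findings.append(("CasUrl", "CAS server must be reached over https"))
    # Fallback keeps local OpenCms accounts as a second login path.
    if cfg["UseCmsLoginWhenLDAPFail"].strip().lower() == "true":
        findings.append(("UseCmsLoginWhenLDAPFail", "OpenCms login is used when "
                         "the LDAP connection or login fails; confirm intended"))
    # A bare presence filter does not restrict entries to user objects.
    if cfg["Filter"].replace(" ", "").lower() == "(objectclass=*)":
        findings.append(("Filter", "matches every entry; restrict to user objects"))
    # Every auto-created user receives this role.
    if cfg["AutoUserRoleName"].strip():
        findings.append(("AutoUserRoleName", "granted to every new user; "
                         "confirm it is the lowest role needed"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("defaults", {}), ("remote", REMOTE), ("hardened", HARDENED)):
        print(name, audit(cfg))
```
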
...