Tested in Fedora 10, OpenJDK 1.6.0, Tomcat 5.5.27, OpenCms 7.0.5, CAS 3.3.1, OpenLDAP 2.4.12.

Login Procedure


Module Parameters

 Module parameters for authentication handler:

AuthenticationHandler: cn.langhua.opencms.ldap.cas.CmsCasAuthenticationHandler

AutoUserRoleName: not required. To let the user log in to the OpenCms workplace by default, set this parameter to RoleWorkplaceUsers.

CasUrl: not required, default is https://localhost:8443/cas.

CasLoginUri: not required, the URI of the CAS login, default is /login.

CasValidateUri: not required, the URI of the CAS validate, default is /serviceValidate.

CasLenientURL: not required, if set, this URL will be used to validate the CAS ticket, default is null.

CasLogoutUri: not required, default is /logout.

 Module parameters for authorization handler:

AuthenticationHandler: cn.langhua.opencms.ldap.cas.CmsCasAuthorizationHandler

GroupSearchDN: required, the group DN to resolve the OpenCms OU. If not set, BaseDN is used.

RoleSearchDN: required, the role DN to resolve the OpenCms role. If not set, BaseDN is used.

BaseDN: not required.

AutoUserRoleName: not required. To let the user log in to the OpenCms workplace by default, set this parameter to RoleWorkplaceUsers.

CasUrl: not required, default is https://localhost:8443/cas.

CasLoginUri: not required, the URI of the CAS login, default is /login.

CasValidateUri: not required, the URI of the CAS validate, default is /serviceValidate.

CasLenientURL: not required, if set, this URL will be used to validate the CAS ticket, default is null.

CasLogoutUri: not required, default is /logout.

 You have to configure your CAS server to use LDAP in line with the parameters configured above.
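
 As an added illustration (not the module's own code), the Python sketch below shows how the CAS parameters above combine into the login, validate and logout URLs, and how a CAS 2.0 serviceValidate response is checked before a user name is accepted. The joining rule, the https check, the function names and the sample responses are assumptions made for this example.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

# Defaults as listed in the module parameters above.
DEFAULTS = {
    "CasUrl": "https://localhost:8443/cas",
    "CasLoginUri": "/login",
    "CasValidateUri": "/serviceValidate",
    "CasLogoutUri": "/logout",
}

def cas_endpoints(params, service, ticket=None):
    """Hypothetical helper: join CasUrl with the *Uri parameters (assumed rule)."""
    cfg = {**DEFAULTS, **params}
    base = cfg["CasUrl"].rstrip("/")
    # Example policy: the ticket travels in the query string, so insist on TLS.
    if not base.lower().startswith("https://"):
        raise ValueError("CasUrl must use https")
    urls = {
        "login": base + cfg["CasLoginUri"] + "?" + urlencode({"service": service}),
        "logout": base + cfg["CasLogoutUri"],
    }
    if ticket is not None:
        query = urlencode({"service": service, "ticket": ticket})
        urls["validate"] = base + cfg["CasValidateUri"] + "?" + query
    return urls

def user_from_response(xml_text):
    """Return the user name only for a well-formed authenticationSuccess."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None  # malformed answer: treat as not authenticated
    if root.tag != "{%s}serviceResponse" % CAS_NS["cas"]:
        return None
    if root.find("cas:authenticationFailure", CAS_NS) is not None:
        return None
    user = root.findtext("cas:authenticationSuccess/cas:user", namespaces=CAS_NS)
    return user.strip() if user and user.strip() else None

# Constructed sample responses in the CAS 2.0 format (not captured traffic).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
```

 The service value sent to the validate URL has to be the same one used for the login redirect, otherwise CAS rejects the ticket.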

 How to validate service ticket

...

How to get the module and the source code

 Download the moduleSVN:

http://sourceforge.net/project/showfiles.php?group_id=163225 The source code: www.langhua.cn/langhua/modules/ldap/

Username:anon

Password:anon

ViewVC:

http://opencms-ldapwww.svnlanghua.sourceforge.netcn/viewvc/opencms-ldap/OpenCms-7.0.1-CAS-3.1-OpenLDAP/; svn/modules/ldap/

Shi Yusen/Beijing Langhua Ltd.

http://www.langhua.org/
http://langhua.cnbiz/