Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Got rid of the '-based' in the title.

Transparent LDAP

...

Remote Address Authentication Handler

Introduction

Directory servers such as eDirectory store an authenticated user's network address. In the case of eDirectory this network address is recorded when a user logs into a desktop using the Novell Client. This address is then exposed via the networkAddress LDAP attribute. This stored information can be used to transparently authenticate a user to CAS by performing an LDAP lookup for the client address and relevant user credentials. For example:

...

  • filter - The LDAP search filter to apply when performing a network address search. e.g. (&(networkAddress=%u)(objectClass=inetOrgPerson))
    Note: In an XML file the & LDAP search character needs to be replaced with & amp; to avoid parse errors.
  • principalAttributeName - The LDAP attribute to return as the Principal name. e.g. cn
  • ipAddressFormat - The format by which the network address is stored in the directory.
    Currently this handler supports two formats, standard (i.e. 192.168.1.1) and edirectory87 (a byte array). In the future it is hoped more support will be added.
  • searchBase - The LDAP search base to use when performing a search. e.g. ou=users,o=organisaiton
  • contextSource - A reference to the previously defined LDAP context source bean.

...