LDAP CAS plugin is an LDAP authentication plugin that supports integration in a CAS (Central Authentication Service) environment.
LDAP CAS plugin is a plugin for Fedora Directory Server (it should also work in Red Hat Directory Server, and probably in Sun's Directory Server) that allows authentication in a CAS SSO environment. In an LDAP bind operation, it accepts normal user passwords and CAS tickets (PT or ST), which are called credentials in the source code.
INSTALLATION:
1. Review the Makefile.
2. Stop the LDAP server.
3. Run make.
4. Copy libcas-plugin.so to [serverRoot]/lib/
5. Add the following entry for the server plug-in to
   [serverRoot]/slapd-[serverID]/config/dse.ldif
   (Replace '/opt/ldapserver' with your Fedora DS [serverRoot].)
   (Replace '/etc/security' with whatever fits you. If not present, it defaults to '/etc/cas.conf'.)
   (Set casMaxCachedUsers to an upper limit for your users.)
   (Set casMaxCachedTimeAcc to the number of seconds a cached credential is considered valid since it was last accessed.)
   (Set casMaxCachedTimeCrea to the number of seconds a cached credential is considered valid since it was created. It must be greater than casMaxCachedTimeAcc.)

dn: cn=CAS Pass Through Auth,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
objectClass: casConfig
cn: CAS Pass Through Auth
nsslapd-pluginPath: /opt/ldapserver/lib/libcas-plugin.so
nsslapd-pluginInitfunc: cas_passthruauth_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-pluginloadglobal: true
nsslapd-plugin-depends-on-type: database
casMissingSuffix: ALLOW
casExcludeSuffix: o=NetscapeRoot
casExcludeSuffix: cn=config
casService: fds
casConfFile: /etc/security/cas.conf
casMaxCachedTimeAcc: 1000
casMaxCachedTimeCrea: 7200
casIDAttr: uid
casNumCreds: 15
casMaxCachedUsers: 20000

6. Copy the file cas-plugin.ldif to [serverRoot]/slapd-[serverID]/config/schema/66cas-plugin.ldif
   (Change '66' to a value suitable for you.)
   (The OIDs in the file are just samples; change them.)
7. Edit 'cas.conf' with your system configuration. Copy it to a place suitable for you (the same path as in dse.ldif).
8. Start the LDAP server.
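
A check that can be run on the plugin entry before the server is started again. This is an added example, not part of the plugin's distribution: it parses the entry from dse.ldif and verifies the constraints stated in the notes above, chiefly that casMaxCachedTimeCrea is greater than casMaxCachedTimeAcc. The function names, treating the three cache attributes as mandatory, and the reading that a cached credential must satisfy both time limits are assumptions.

```python
import re

# Constructed sample: the page's entry, trimmed, with the two cache timers swapped.
SAMPLE_ENTRY = """\
dn: cn=CAS Pass Through Auth,cn=plugins,cn=config
nsslapd-pluginPath: /opt/ldapserver/lib/libcas-plugin.so
casExcludeSuffix: o=NetscapeRoot
casExcludeSuffix: cn=config
casMaxCachedTimeAcc: 7200
casMaxCachedTimeCrea: 1000
casMaxCachedUsers: 20000
"""

def parse_entry(ldif_text):
    """Parse one LDIF entry into {lowercased attribute: [values]}; base64 values are not decoded."""
    unfolded = re.sub(r"\n ", "", ldif_text)  # undo LDIF line folding
    entry = {}
    for line in unfolded.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def check_cas_entry(entry):
    """Return a list of problems found in the CAS plugin entry (empty list means OK)."""
    problems = []
    def integer(name):
        values = entry.get(name.lower(), [])
        if len(values) != 1 or not re.fullmatch(r"[0-9]+", values[0]):
            problems.append(f"{name}: expected exactly one non-negative integer")
            return None
        return int(values[0])
    acc = integer("casMaxCachedTimeAcc")
    crea = integer("casMaxCachedTimeCrea")
    integer("casMaxCachedUsers")
    if acc is not None and crea is not None and crea <= acc:
        problems.append("casMaxCachedTimeCrea must be greater than casMaxCachedTimeAcc")
    path = entry.get("nsslapd-pluginpath", [""])[0]
    if not path.endswith("/libcas-plugin.so"):
        problems.append("nsslapd-pluginPath does not point at libcas-plugin.so")
    return problems

def conf_file(entry):  # the page says a missing casConfFile defaults to /etc/cas.conf
    return entry.get("casconffile", ["/etc/cas.conf"])[0]

def credential_still_valid(now, created, last_access, acc, crea):
    """Assumed semantics: idle time and total age must both be within their limits."""
    return (now - last_access) <= acc and (now - created) <= crea
```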
This Program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
What's New in This Release:
· Support for concurrent sessions in credentials cache module.