Posted by aasarava on October 5, 2011 at 11:47pm
I'm hoping some of you who have experiencing using CAS and CAS Attributes on UC Berkeley sites can help me with a couple questions about ideal setup:
I've got the modules set up and can see LDAP attributes, but there aren't any available CAS attributes. Is that normal? I'm using auth-test.berkeley.edu and ldap-test.berkeley.edu.
Also, what's the best way to deal with the fact that you don't always get an email address in the LDAP attributes? Do you just leave the user email field blank when new accounts are created? (Or maybe there's an email in my missing CAS attributes?)
Thanks!
Comments
LDAP attributes
I've only ever gotten LDAP attributes.
The cas-ldap-mail attribute is always populated, but the contents are not always available to an anonymous bind. Students have to opt in to have it available, and faculty/staff can opt out. In order to get all email addresses, you have to apply for a privileged bind and specify which fields you want to see.
You can set it to automatically generate an email address based on the CAS username and a domain that you specify, but then you get things like 49609@berkeley.edu, which is no better than inserting a dummy address. But it might be useful to prevent unforeseen errors if you're creating users in bulk with Feeds or User Import.
Thanks, Caroline. That
Thanks, Caroline. That confirms my suspicions. Hopefully I can get away with not specifying an email address at all, but it's good to know there's always the possibility of a privileged bind.
CAS
CAS itself doesn't have attributes, it's purely for authentication.