CAS SSO login not the LDAP user but created a new user:

Seafile with LDAP login uid is mail, but after CAS SSO login it creates a user called xxxx@seafile.local, not the domain of xxx@mydomain.com, not the same user.

How to solve this problem?

ENABLE_CAS = True
CAS_SERVER_URL = 'https://172.16.1.123'
CAS_LOGOUT_COMPLETELY = True
CAS_SERVER_CERT_VERIFY = False

[LDAP]
HOST = ldap://172.16.1.3
BASE = dc=abc,dc=com
USER_DN = cn=yourname,dc=abc,dc=com
PASSWORD = 12345678
LOGIN_ATTR = mail

[LDAP_SYNC]
ENABLE_USER_SYNC = true
DEACTIVE_USER_IF_NOTFOUND = true
SYNC_INTERVAL = 60
USER_OBJECT_CLASS = person
ENABLE_EXTRA_USER_INFO_SYNC = true
CONTACT_EMAIL_ATTR = mail
FIRST_NAME_ATTR = givenName
LAST_NAME_ATTR = sn
USER_NAME_REVERSE = true
UID_ATTR = sAMAccountName
ACTIVATE_USER_WHEN_IMPORT = true
SYNC_DEPARTMENT_FROM_OU = true
CREATE_DEPARTMENT_LIBRARY = true

CAS is no longer supported and recommended by Seafile. You should try other SSO protocols like OAuth or SAML. For those protocols, you need to make sure the attribute you use for login uid is consistent with the one you use in LDAP.

Thank you Jonathan. So, in my config, I’m using UID_ATTR = sAMAccountName. Does it mean my CAS needs to transfer sAMAccountName to Seafile, or use LOGIN_ATTR = mail?

CAS should transfer ‘mail’ to Seafile. This will help Seafile to identify the same user.

I am really confused: no matter what I transfer (‘UID’, ‘MAIL’, ‘Username’), it still logs in as xxxx@seafile.local and does not identify the LDAP user xxxx@mydomain.com. My CAS is 2.0.

Hi,

As I mentioned, CAS is no longer supported and actively maintained by Seafile. You should try other SSO protocols.

An alternative way is to configure the web proxy to authenticate with CAS. Then you can configure Seafile to get user information from the remote-user header. See https://download.seafile.com/published/seafile-manual/deploy/remote_user.md

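A check an administrator could run after the mismatch described in this thread, added here as an example and not code from any poster or from Seafile: it lists `@seafile.local` accounts that shadow an LDAP-backed account and shows which LDAP attribute the SSO value lines up with. The account list and LDAP entries are constructed, and it assumes the local part of the shadow account is the value the SSO released.

```python
# Added example; every account and LDAP entry below is constructed.
LOGIN_ATTR = "mail"              # LOGIN_ATTR from the [LDAP] section in the thread
SHADOW_DOMAIN = "seafile.local"  # domain seen on the unwanted SSO-created users

LDAP_ENTRIES = [
    {"mail": "alice@mydomain.com", "sAMAccountName": "alice"},
    {"mail": "bob.smith@mydomain.com", "sAMAccountName": "bsmith"},
    {"mail": "carol@mydomain.com", "sAMAccountName": "carol"},
]

# Constructed export of Seafile account identifiers.
SEAFILE_ACCOUNTS = [
    "alice@mydomain.com",
    "bob.smith@mydomain.com",
    "bsmith@seafile.local",
    "carol@mydomain.com",
    "Carol@seafile.local",
    "svc-backup@seafile.local",
]


def find_shadow_accounts(accounts, ldap_entries, login_attr=LOGIN_ATTR,
                         shadow_domain=SHADOW_DOMAIN):
    """Return (shadow_account, ldap_login, matching_attrs) per duplicate."""
    known = {a.lower() for a in accounts}
    findings = []
    for account in accounts:
        local, _, domain = account.rpartition("@")
        if domain.lower() != shadow_domain:
            continue
        for entry in ldap_entries:
            # Assumption: the shadow account's local part is the value the
            # SSO released, so compare it with each LDAP attribute (using
            # the part before "@" for mail-like values).
            attrs = sorted(name for name, value in entry.items()
                           if value.lower().split("@")[0] == local.lower())
            # Report only when the LDAP-backed account exists as well.
            if attrs and entry[login_attr].lower() in known:
                findings.append((account, entry[login_attr], attrs))
    return findings


if __name__ == "__main__":
    for shadow, real, attrs in find_shadow_accounts(SEAFILE_ACCOUNTS, LDAP_ENTRIES):
        print(f"{shadow} duplicates {real}; SSO value matches LDAP {attrs}")
```

Under that assumption, a match on `sAMAccountName` alone suggests the SSO side is releasing the account name rather than the `mail` value that `LOGIN_ATTR` expects.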