Afternoon,
CAS 4.2.1
I'm having a little difficulty figuring out how to resolve a normalized
principal from an LDAP directory. E.g. user enters 'Fred' as the username and
I'd like to return the principal 'fred' from the uid attribute (as stored in
the directory).
If I use the (largely default) config below, entering "FRED" returns "FRED" at
serviceValidate (LDAP being case-insensitive, authentication does succeed).
Code behind ldapAuthenticationHandler looks like it should populate attributes.
(Re: the JAAS line, we're layering in a legacy credential store. Bonus if we
can query the directory to return a normalized name here, as well.)
Ideas on what I'm missing? Do I need to dive into the
personDirectoryPrincipalResolver? Cf.
cas.principal.resolver.persondir.return.null
cas.principal.resolver.persondir.principal.attribute
Thanks!
Tom.
deployerContextConfig.xml:
<util:map id="authenticationHandlersResolvers">
<entry key-ref="proxyAuthenticationHandler"
value-ref="proxyPrincipalResolver" />
<entry key-ref="ldapAuthenticationHandler"
value-ref="primaryPrincipalResolver" />
<entry key-ref="jaasAuthenticationHandler"
value-ref="primaryPrincipalResolver" />
</util:map>
<util:list id="authenticationMetadataPopulators" />
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
p:backingMap-ref="attrRepoBackingMap" />
<alias name="personDirectoryPrincipalResolver"
alias="primaryPrincipalResolver" />
<util:map id="attrRepoBackingMap">
<entry key="uid" value="uid" />
...
<bean id="ldapAuthenticationHandler"
class="org.jasig.cas.authentication.LdapAuthenticationHandler"
p:principalIdAttribute="uid"
c:authenticator-ref="authenticator">
<property name="principalAttributeMap">
<map>
<entry key="displayName" value="simpleName" />
<entry key="mail" value="email" />
<entry key="memberOf" value="membership" />
</map>
</property>
</bean>
<ldaptive:bind-search-authenticator
id="authenticator"
ldapUrl="${ldap.url}"
baseDn="${ldap.baseDn}"
userFilter="${ldap.authn.searchFilter}"
bindDn="${ldap.managerDn}"
bindCredential="${ldap.managerPassword}"
...
ldap.properties:
ldap.url=...
ldap.baseDn=...
ldap.authn.searchFilter=(uid={user})
...
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/B88CFE34-93D9-420E-BA54-12AC24146AAD%40ucdavis.edu.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
