I am using org.apereo.cas:cas-server-support-ldap-core with the following
config to retrieve attributes after the authentication step.
....
ldap[0]:
  attributes:
    description: description
  bind-credential: ${authn.ldap.bind-credential}
  base-dn: ${authn.ldap.base-dn-admin}
  bind-dn: ${authn.ldap.bind-dn}
  connect-timeout: PT3S
  id: administrators
  ldap-url: ${ldap-url}
  order: 2
  search-filter: uid={user}
...
This results in the log output below (at the bottom of this email; more
available upon request). Since the search is submitted with the service
(_not_ serviceId), no attribute is returned. This behaviour is new since
version 6.5.

I have looked at the code in:
https://github.com/apereo/cas/blob/v7.0.0/support/cas-server-support-person-directory/src/main/java/org/apereo/cas/config/CasPersonDirectoryLdapConfiguration.java
https://github.com/apereo/person-directory/blob/person-directory-parent-3.0.1/person-directory-impl/src/main/java/org/apereo/services/persondir/support/ldap/LdaptivePersonAttributeDao.java
https://github.com/apereo/cas/blob/master/support/cas-server-support-ldap-core/src/main/java/org/apereo/cas/util/LdapConnectionFactory.java
https://github.com/apereo/cas/blob/master/support/cas-server-support-ldap-core/src/main/java/org/apereo/cas/util/LdapUtils.java

I would like to know where LdaptivePersonAttributeDao is being accessed in
other parts of the CAS code. That is, what populates the attributes, and how
does it choose the particular attribute:value to submit to the search request?

Thanks,
Ray

cas | 2024-01-25 22:13:56,810 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
attribute 'principal' with value '[rbon]' to query builder 'null'>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
attribute 'credentialClass' with value '[UsernamePasswordCredential]' to
query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
LDAP search query [uid=UsernamePasswordCredential]>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
attribute 'credentialId' with value '[rbon]' to query builder
'[org.ldaptive.FilterTemplate@-147358242::filter=uid={user},
parameters={user=UsernamePasswordCredential}]'>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
attribute 'username' with value '[rbon]' to query builder
'[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
attribute 'service' with value
'[https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]'
to query builder
'[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
LDAP search query
[uid=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Generated query
builder '[org.ldaptive.FilterTemplate@-621386179::filter=uid={user},
parameters={user=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]'
from query Map {principal=[rbon],
credentialClass=[UsernamePasswordCredential], credentialId=[rbon],
username=[rbon],
service=[https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]}.>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,812 TRACE [
org.ldap.SearchRequest] - <setting baseDn: ou=...>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,812 TRACE [
org.ldap.SearchRequest] - <setting filter:
[org.ldaptive.FilterTemplate@-621386179::filter=uid={user},
parameters={user=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,812 TRACE [
org.ldap.SearchRequest] - <setting binaryAttributes:
[objectGUID, objectSid]> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,813 TRACE [
org.ldap.SearchRequest] - <setting returnAttributes:
[eduPersonEntitlement, uid, mail, eduPersonAffiliation, givenName,
eduPersonPrincipalName, sn, cn, memberOf]> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,813 TRACE [
org.ldap.SearchRequest] - <setting searchScope: SUBTREE>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,813 TRACE [
org.ldap.SearchRequest] - <setting sizeLimit: 0>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:56,813 TRACE [
org.ldap.SearchRequest] - <setting timeLimit: PT0S>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,040 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
attribute 'principal' with value '[rbon]' to query builder 'null'>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,040 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,040 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
attribute 'credentialClass' with value '[UsernamePasswordCredential]' to
query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,040 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
LDAP search query [uid=UsernamePasswordCredential]>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,040 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
attribute 'credentialId' with value '[rbon]' to query builder
'[org.ldaptive.FilterTemplate@-147358242::filter=uid={user},
parameters={user=UsernamePasswordCredential}]'>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,040 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,041 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
attribute 'username' with value '[rbon]' to query builder
'[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,041 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,041 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
attribute 'service' with value
'[https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]'
to query builder
'[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,041 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
LDAP search query
[uid=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,041 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Generated query
builder '[org.ldaptive.FilterTemplate@-621386179::filter=uid={user},
parameters={user=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]'
from query Map {principal=[rbon],
credentialClass=[UsernamePasswordCredential], credentialId=[rbon],
username=[rbon],
service=[https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]}.>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,041 TRACE [
org.ldap.SearchRequest] - <setting baseDn:
ou=administrators,ou=...> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,041 TRACE [
org.ldap.SearchRequest] - <setting filter:
[org.ldaptive.FilterTemplate@-621386179::filter=uid={user},
parameters={user=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,042 TRACE [
org.ldap.SearchRequest] - <setting binaryAttributes:
[objectGUID, objectSid]> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,042 TRACE [
org.ldap.SearchRequest] - <setting returnAttributes:
[description]> [https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,042 TRACE [
org.ldap.SearchRequest] - <setting searchScope: SUBTREE>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,042 TRACE [
org.ldap.SearchRequest] - <setting sizeLimit: 0>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,042 TRACE [
org.ldap.SearchRequest] - <setting timeLimit: PT0S>
[https-openssl-nio-8443-exec-9]
cas | 2024-01-25 22:13:57,277 INFO [
org.aper.cas.auth.DefaultAuthenticationManager] - <Authenticated principal
[rbon] with attributes [{domain=[uvic.ca], username=[rbon]}] via
credentials [[UsernamePasswordCredential(username=rbon, source=null,
customFields={})]].> [https-openssl-nio-8443-exec-9]
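
An added example, not part of the original message and not CAS or person-directory code: a small Python check that re-joins the wrapped "Generated query builder" entries from a log like the one above and reports which query-map key ended up bound to the filter parameter. The function names and the choice of 'username' as the expected key are assumptions made for illustration.

```python
import re

# Sample input: the wrapped "Generated query builder" entry from the log above.
SAMPLE_LOG = """\
cas | 2024-01-25 22:13:56,811 DEBUG [
org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Generated query
builder '[org.ldaptive.FilterTemplate@-621386179::filter=uid={user},
parameters={user=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]'
from query Map {principal=[rbon],
credentialClass=[UsernamePasswordCredential], credentialId=[rbon],
username=[rbon],
service=[https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]}.>
[https-openssl-nio-8443-exec-9]
"""

ENTRY_START = re.compile(r"^cas\s*\|\s*(\S+ \S+)")
GENERATED = re.compile(
    r"<Generated query builder '\[.*?::filter=.*?,\s+"
    r"parameters=\{(?P<name>\w+)=(?P<bound>.*?)\}\]'\s+"
    r"from query Map \{(?P<qmap>.*)\}\.>"
)

def unwrap(text):
    """Re-join log entries that a mail client wrapped across several lines."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            entries.append(line.strip())
        elif entries:
            entries[-1] += " " + line.strip()
    return entries

def check_bindings(text, expected_key="username"):
    """Per generated filter, report the bound value and the query-map key(s)
    carrying it. Assumption: expected_key is the key that should feed it."""
    findings = []
    for entry in unwrap(text):
        m = GENERATED.search(entry)
        if not m:
            continue
        qmap = dict(re.findall(r"(\w+)=\[(.*?)\]", m["qmap"]))
        findings.append({
            "time": ENTRY_START.match(entry).group(1),
            "bound": m["bound"],
            "source_keys": [k for k, v in qmap.items() if v == m["bound"]],
            "mismatch": m["bound"] != qmap.get(expected_key),
        })
    return findings

if __name__ == "__main__":
    print(check_bindings(SAMPLE_LOG))
```

Run against a full debug log, every entry with "mismatch" set marks a search whose filter was built from something other than the expected key, which is the situation shown in the log above.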