To clarify the sentence about the service being submitted for ldap search.
What is happening:
uid=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient
What should happen:
uid=rbon
Ray
On Friday, January 26, 2024 at 9:26:10 p.m. UTC-8 Ray Bon wrote:
> I am using org.apereo.cas:cas-server-support-ldap-core with the following
> config to retrieve attributes after the authentication step.
>
> ....
> ldap[0]:
>   attributes:
>     description: description
>   bind-credential: ${authn.ldap.bind-credential}
>   base-dn: ${authn.ldap.base-dn-admin}
>   bind-dn: ${authn.ldap.bind-dn}
>   connect-timeout: PT3S
>   id: administrators
>   ldap-url: ${ldap-url}
>   order: 2
>   search-filter: uid={user}
> ...
>
> This results in the below log output (at bottom of email) (more available
> upon request). Since the search is submitted with the service (_not_
> serviceId), no attribute is returned. This behaviour is new since version
> 6.5.
>
> I have looked at the code in:
>
> https://github.com/apereo/cas/blob/v7.0.0/support/cas-server-support-person-directory/src/main/java/org/apereo/cas/config/CasPersonDirectoryLdapConfiguration.java
>
> https://github.com/apereo/person-directory/blob/person-directory-parent-3.0.1/person-directory-impl/src/main/java/org/apereo/services/persondir/support/ldap/LdaptivePersonAttributeDao.java
>
> https://github.com/apereo/cas/blob/master/support/cas-server-support-ldap-core/src/main/java/org/apereo/cas/util/LdapConnectionFactory.java
>
> https://github.com/apereo/cas/blob/master/support/cas-server-support-ldap-core/src/main/java/org/apereo/cas/util/LdapUtils.java
>
> I would like to know where LdaptivePersonAttributeDao is being accessed in
> other parts of the cas code? That is, what populates the attributes and how
> it chooses the particular attribute:value to submit to the search request?
>
> Thanks,
>
> Ray
>
>
> cas | 2024-01-25 22:13:56,810 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
> attribute 'principal' with value '[rbon]' to query builder 'null'>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,811 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
> LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,811 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
> attribute 'credentialClass' with value '[UsernamePasswordCredential]' to
> query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
> parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,811 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
> LDAP search query [uid=UsernamePasswordCredential]>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,811 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
> attribute 'credentialId' with value '[rbon]' to query builder
> '[org.ldaptive.FilterTemplate@-147358242::filter=uid={user},
> parameters={user=UsernamePasswordCredential}]'>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,811 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
> LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,811 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
> attribute 'username' with value '[rbon]' to query builder
> '[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
> parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,811 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
> LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,811 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
> attribute 'service' with value '[
> https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]'
>
> to query builder
> '[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
> parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,811 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
> LDAP search query [uid=
> https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]>
>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,811 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Generated query
> builder '[org.ldaptive.FilterTemplate@-621386179::filter=uid={user},
> parameters={user=
> https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]'
>
> from query Map {principal=[rbon],
> credentialClass=[UsernamePasswordCredential], credentialId=[rbon],
> username=[rbon], service=[
> https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]}.>
>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,812 TRACE [
> org.ldap.SearchRequest] - <setting baseDn: ou=...>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,812 TRACE [
> org.ldap.SearchRequest] - <setting filter:
> [org.ldaptive.FilterTemplate@-621386179::filter=uid={user},
> parameters={user=
> https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]>
>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,812 TRACE [
> org.ldap.SearchRequest] - <setting binaryAttributes:
> [objectGUID, objectSid]> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,813 TRACE [
> org.ldap.SearchRequest] - <setting returnAttributes:
> [eduPersonEntitlement, uid, mail, eduPersonAffiliation, givenName,
> eduPersonPrincipalName, sn, cn, memberOf]> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,813 TRACE [
> org.ldap.SearchRequest] - <setting searchScope: SUBTREE>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,813 TRACE [
> org.ldap.SearchRequest] - <setting sizeLimit: 0>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:56,813 TRACE [
> org.ldap.SearchRequest] - <setting timeLimit: PT0S>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,040 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
> attribute 'principal' with value '[rbon]' to query builder 'null'>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,040 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
> LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,040 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
> attribute 'credentialClass' with value '[UsernamePasswordCredential]' to
> query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
> parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,040 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
> LDAP search query [uid=UsernamePasswordCredential]>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,040 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
> attribute 'credentialId' with value '[rbon]' to query builder
> '[org.ldaptive.FilterTemplate@-147358242::filter=uid={user},
> parameters={user=UsernamePasswordCredential}]'>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,040 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
> LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,041 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
> attribute 'username' with value '[rbon]' to query builder
> '[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
> parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,041 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
> LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,041 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding
> attribute 'service' with value '[
> https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]'
>
> to query builder
> '[org.ldaptive.FilterTemplate@748158591::filter=uid={user},
> parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,041 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed
> LDAP search query [uid=
> https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]>
>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,041 DEBUG [
> org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Generated query
> builder '[org.ldaptive.FilterTemplate@-621386179::filter=uid={user},
> parameters={user=
> https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]'
>
> from query Map {principal=[rbon],
> credentialClass=[UsernamePasswordCredential], credentialId=[rbon],
> username=[rbon], service=[
> https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]}.>
>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,041 TRACE [
> org.ldap.SearchRequest] - <setting baseDn:
> ou=administrators,ou=...> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,041 TRACE [
> org.ldap.SearchRequest] - <setting filter:
> [org.ldaptive.FilterTemplate@-621386179::filter=uid={user},
> parameters={user=
> https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]>
>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,042 TRACE [
> org.ldap.SearchRequest] - <setting binaryAttributes:
> [objectGUID, objectSid]> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,042 TRACE [
> org.ldap.SearchRequest] - <setting returnAttributes:
> [description]> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,042 TRACE [
> org.ldap.SearchRequest] - <setting searchScope: SUBTREE>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,042 TRACE [
> org.ldap.SearchRequest] - <setting sizeLimit: 0>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,042 TRACE [
> org.ldap.SearchRequest] - <setting timeLimit: PT0S>
> [https-openssl-nio-8443-exec-9]
> cas | 2024-01-25 22:13:57,277 INFO [
> org.aper.cas.auth.DefaultAuthenticationManager] - <Authenticated principal
> [rbon] with attributes [{domain=[uvic.ca], username=[rbon]}] via
> credentials [[UsernamePasswordCredential(username=rbon, source=null,
> customFields={})]].> [https-openssl-nio-8443-exec-9]
>
>
>
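A check for the symptom shown in the quoted log, added here as an example and not part of the original message or of CAS: it reads the `Generated query builder` lines and reports which query-map key supplied the value bound to the search filter. The first sample line is constructed from the output above (unwrapped to one event per line); the second is an invented healthy case for contrast, and the function name is hypothetical.

```python
import re

# Constructed sample: line 1 is modelled on the quoted DEBUG output (unwrapped to
# one event per line); line 2 is an invented healthy case for contrast.
SAMPLE_LOG = (
    "cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - "
    "<Generated query builder '[org.ldaptive.FilterTemplate@-621386179::filter=uid={user}, "
    "parameters={user=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]' "
    "from query Map {principal=[rbon], credentialClass=[UsernamePasswordCredential], "
    "credentialId=[rbon], username=[rbon], "
    "service=[https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]}.> "
    "[https-openssl-nio-8443-exec-9]\n"
    "cas | 2024-01-25 22:14:02,100 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - "
    "<Generated query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user}, "
    "parameters={user=rbon}]' from query Map {principal=[rbon], username=[rbon]}.> "
    "[https-openssl-nio-8443-exec-9]\n"
)

# Filter template, the single bound parameter, and the query map it was built from.
GENERATED = re.compile(
    r"<Generated query builder '\[org\.ldaptive\.FilterTemplate@-?\d+::filter=(?P<filter>.+?), "
    r"parameters=\{(?P<param>\w+)=\s*(?P<value>.*?)\}\]'\s+from query Map \{(?P<map>.*)\}\.>"
)
# key=[value] pairs inside the query map.
PAIR = re.compile(r"(\w+)=\[\s*(.*?)\s*\]")


def audit_person_directory_filters(log_text, principal_key="principal"):
    """Report, per generated filter, which query-map key ended up as the bound value."""
    findings = []
    for m in GENERATED.finditer(log_text):
        query_map = dict(PAIR.findall(m["map"]))
        bound = m["value"].strip()
        findings.append({
            "filter": m["filter"],
            "bound_value": bound,
            # Keys whose value matches what was bound into the filter.
            "source_keys": [k for k, v in query_map.items() if v == bound],
            "expected": query_map.get(principal_key),
            # Healthy when the filter searches for the authenticated principal.
            "ok": bound == query_map.get(principal_key),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_person_directory_filters(SAMPLE_LOG):
        print(finding)
```

It expects one log event per line, so run it against the server's log file rather than a mail-wrapped copy.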