You can review PrincipalAttributeRepositoryFetcher.

On Sunday, January 28, 2024 at 6:54:08 PM UTC+4 [email protected] wrote:
> To clarify the sentence about the service being submitted for ldap search.
> What is happening:
> uid=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient
> what should happen
> uid=rbon
>
> Ray
>
> On Friday, January 26, 2024 at 9:26:10 p.m. UTC-8 Ray Bon wrote:
>
>> I am using org.apereo.cas:cas-server-support-ldap-core with the following
>> config to retrieve attributes after the authentication step.
>>
>> ....
>> ldap[0]:
>>   attributes:
>>     description: description
>>   bind-credential: ${authn.ldap.bind-credential}
>>   base-dn: ${authn.ldap.base-dn-admin}
>>   bind-dn: ${authn.ldap.bind-dn}
>>   connect-timeout: PT3S
>>   id: administrators
>>   ldap-url: ${ldap-url}
>>   order: 2
>>   search-filter: uid={user}
>> ...
>>
>> This results in the below log output (at bottom of email) (more
>> available upon request). Since the search is submitted with the service
>> (_not_ serviceId), no attribute is returned. This behaviour is new since
>> version 6.5.
>>
>> I have looked at the code in:
>>
>> https://github.com/apereo/cas/blob/v7.0.0/support/cas-server-support-person-directory/src/main/java/org/apereo/cas/config/CasPersonDirectoryLdapConfiguration.java
>>
>> https://github.com/apereo/person-directory/blob/person-directory-parent-3.0.1/person-directory-impl/src/main/java/org/apereo/services/persondir/support/ldap/LdaptivePersonAttributeDao.java
>>
>> https://github.com/apereo/cas/blob/master/support/cas-server-support-ldap-core/src/main/java/org/apereo/cas/util/LdapConnectionFactory.java
>>
>> https://github.com/apereo/cas/blob/master/support/cas-server-support-ldap-core/src/main/java/org/apereo/cas/util/LdapUtils.java
>>
>> I would like to know where LdaptivePersonAttributeDao is being accessed
>> in other parts of the cas code? That is, what populates the attributes and
>> how it chooses the particular attribute:value to submit to the search
>> request?
>>
>> Thanks,
>>
>> Ray
>>
>>
>> cas | 2024-01-25 22:13:56,810 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'principal' with value '[rbon]' to query builder 'null'> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'credentialClass' with value '[UsernamePasswordCredential]' to query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user}, parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=UsernamePasswordCredential]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'credentialId' with value '[rbon]' to query builder '[org.ldaptive.FilterTemplate@-147358242::filter=uid={user}, parameters={user=UsernamePasswordCredential}]'> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'username' with value '[rbon]' to query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user}, parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'service' with value '[https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]' to query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user}, parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,811 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Generated query builder '[org.ldaptive.FilterTemplate@-621386179::filter=uid={user}, parameters={user=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]' from query Map {principal=[rbon], credentialClass=[UsernamePasswordCredential], credentialId=[rbon], username=[rbon], service=[https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]}.> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,812 TRACE [org.ldap.SearchRequest] - <setting baseDn: ou=...> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,812 TRACE [org.ldap.SearchRequest] - <setting filter: [org.ldaptive.FilterTemplate@-621386179::filter=uid={user}, parameters={user=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,812 TRACE [org.ldap.SearchRequest] - <setting binaryAttributes: [objectGUID, objectSid]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,813 TRACE [org.ldap.SearchRequest] - <setting returnAttributes: [eduPersonEntitlement, uid, mail, eduPersonAffiliation, givenName, eduPersonPrincipalName, sn, cn, memberOf]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,813 TRACE [org.ldap.SearchRequest] - <setting searchScope: SUBTREE> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,813 TRACE [org.ldap.SearchRequest] - <setting sizeLimit: 0> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:56,813 TRACE [org.ldap.SearchRequest] - <setting timeLimit: PT0S> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,040 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'principal' with value '[rbon]' to query builder 'null'> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,040 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,040 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'credentialClass' with value '[UsernamePasswordCredential]' to query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user}, parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,040 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=UsernamePasswordCredential]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,040 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'credentialId' with value '[rbon]' to query builder '[org.ldaptive.FilterTemplate@-147358242::filter=uid={user}, parameters={user=UsernamePasswordCredential}]'> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,040 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,041 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'username' with value '[rbon]' to query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user}, parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,041 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=rbon]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,041 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'service' with value '[https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]' to query builder '[org.ldaptive.FilterTemplate@748158591::filter=uid={user}, parameters={user=rbon}]'> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,041 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,041 DEBUG [org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - <Generated query builder '[org.ldaptive.FilterTemplate@-621386179::filter=uid={user}, parameters={user=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]' from query Map {principal=[rbon], credentialClass=[UsernamePasswordCredential], credentialId=[rbon], username=[rbon], service=[https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient]}.> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,041 TRACE [org.ldap.SearchRequest] - <setting baseDn: ou=administrators,ou=...> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,041 TRACE [org.ldap.SearchRequest] - <setting filter: [org.ldaptive.FilterTemplate@-621386179::filter=uid={user}, parameters={user=https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient}]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,042 TRACE [org.ldap.SearchRequest] - <setting binaryAttributes: [objectGUID, objectSid]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,042 TRACE [org.ldap.SearchRequest] - <setting returnAttributes: [description]> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,042 TRACE [org.ldap.SearchRequest] - <setting searchScope: SUBTREE> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,042 TRACE [org.ldap.SearchRequest] - <setting sizeLimit: 0> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,042 TRACE [org.ldap.SearchRequest] - <setting timeLimit: PT0S> [https-openssl-nio-8443-exec-9]
>> cas | 2024-01-25 22:13:57,277 INFO [org.aper.cas.auth.DefaultAuthenticationManager] - <Authenticated principal [rbon] with attributes [{domain=[uvic.ca], username=[rbon]}] via credentials [[UsernamePasswordCredential(username=rbon, source=null, customFields={})]].> [https-openssl-nio-8443-exec-9]

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/f93dd7a4-dbc1-427a-a50e-56bb50b917can%40apereo.org.
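
A check for the symptom shown in the quoted log, as an added example that is not part of the thread or of the CAS code base: it reads `Generated query builder` entries and reports which query-map key ended up bound to the filter parameter, so a filter bound to something other than the principal stands out. The function name `audit_filters` and the second, healthy sample entry (including its object id) are constructed for illustration.

```python
import re

# Matches the 'Generated query builder' entry format seen in the log above.
GENERATED = re.compile(
    r"Generated query builder '\[[^:]+::filter=(?P<filter>[^,]+), "
    r"parameters=\{(?P<name>\w+)=(?P<value>.*?)\}\]' "
    r"from query Map \{(?P<map>.*)\}\.>"
)
PAIR = re.compile(r"(\w+)=\[\s*(.*?)\s*\]")  # key=[value] inside the query Map

def audit_filters(log_text):
    """Report, per generated filter, which query-map key was bound to it."""
    findings = []
    for line in log_text.splitlines():
        m = GENERATED.search(line)
        if m is None:
            continue
        query = dict(PAIR.findall(m["map"]))
        bound = m["value"].strip()
        findings.append({
            "filter": m["filter"],
            "bound": bound,
            "principal": query.get("principal"),
            # Keys whose value equals what reached the LDAP filter.
            "bound_from": [k for k, v in query.items() if v == bound],
            "ok": bound == query.get("principal"),
        })
    return findings

URL = "https://democasclientlocal.uvic.ca/democasclient/callback?client_name=CasClient"
QUERY_MAP = ("{principal=[rbon], credentialClass=[UsernamePasswordCredential], "
             "credentialId=[rbon], username=[rbon], service=[" + URL + "]}")
PREFIX = ("cas | 2024-01-25 22:13:56,811 DEBUG "
          "[org.aper.serv.pers.supp.ldap.LdaptivePersonAttributeDao] - ")
# First entry: unwrapped from the thread's log. Second: constructed control
# showing the expected binding (uid=rbon); its object id is made up.
SAMPLE_LOG = "\n".join([
    PREFIX + "<Generated query builder '[org.ldaptive.FilterTemplate@-621386179::"
    "filter=uid={user}, parameters={user=" + URL + "}]' from query Map "
    + QUERY_MAP + ".> [https-openssl-nio-8443-exec-9]",
    PREFIX + "<Generated query builder '[org.ldaptive.FilterTemplate@1::"
    "filter=uid={user}, parameters={user=rbon}]' from query Map "
    + QUERY_MAP + ".> [https-openssl-nio-8443-exec-9]",
])

if __name__ == "__main__":
    for f in audit_filters(SAMPLE_LOG):
        status = "ok" if f["ok"] else "MISBOUND"
        print(status, f["filter"], "<-", f["bound_from"], "principal:", f["principal"])
```
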
