Ashima wrote:
> Hi
> I am using BindLdapAuthenticationHandler for authentication. I am extracting
> additional attributes using 'attributeRepository' as follows:-
>
> <bean id="attributeRepository"
>
> class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
> <property name="baseDN" value="ou=people,dc=XXXX,dc=edu" />
> <property name="query" value="(tEduPersonNetID={0})" />
> <property name="contextSource" ref="contextSource" />
> <property name="ldapAttributesToPortalAttributes">
> <map>
> <entry key="tEduPersonNetID"
> value="tEduPersonNetID" />
> <entry key="tEduPersonUIN"
> value="tEduPersonUIN" />
> <entry key="tStatus" value="tStatus" />
> </map>
> </property>
> </bean>
>
> My requirement is that even if username and password combination is
> authenticated successfully, but if the attribute 'tStatus' has value 'false'
> then do not log-in the user.
>
> Please let me know if you have any directions on how to do this??
Why not change your filter in
CredentialsToLDAPAttributePrincipalResolver to something like:
(&(tEduPersonNetID={0})(!(tStatus=false)))
or:
(&(tEduPersonNetID={0})(tStatus=true))
This would only return results for those entries that have the tStatus
you wish to allow or disallow.
--
You are currently subscribed to cas-dev@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
