Whoops, typo in my config, the "multi-valued key support for attributes" works after all. Mea culpa.
Mahalo for all the suggestions! On Tue, May 10, 2016 at 12:21:45PM -1000, Baron Fujimoto wrote: >[*] <https://wiki.jasig.org/display/CASUM/Attributes> > >Actually, upon further review of that page, I found the previously >unnoticed section (perhaps because our config was developed for <3.4.12) >which looks like it should do what we want. > ><https://wiki.jasig.org/display/CASUM/Attributes#Attributes-Configuringmulti-valuedkeysupportforattributes> > >However, after following those directions, the Services Management app >doesn't know about the myPersonId and personUid attributes, but only >myPersonIdSet (to use the documentation example) > >Perhaps this is only available from version 3.4.12+ onwards? > >On Tue, May 10, 2016 at 04:08:54PM -0400, Daniel Ellentuck wrote: >>Hi Baron, >> >>You can definitely get what you want without changing LDAP. Referring to >>the Spring bean definitions, you could create a second personAttributeDao >>for your attributeRepository that adds in resultAttr2. Or, to take it to >>the next level, if your requirements were more complicated and you wanted >>to do additional manipulation of the incoming attribute data, you could >>extend org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao to >>make it behave just like you want. >> >> Dan >> >>Dan Ellentuck >>Columbia University I.T. >> >> >>On Tue, May 10, 2016 at 3:37 PM, Baron Fujimoto <[email protected]> wrote: >> >>> On Fri, May 06, 2016 at 04:51:33PM -1000, Baron Fujimoto wrote: >>> >We're using LdapPersonAttributeDao in CAS 3.4.11's >>> deployerConfigContext.xml >>> >to return attributes for /samlValidate. Is there a way to configure it to >>> >use the same source attribute to return more than one result attribute? >>> That >>> >is, we'd like to query "srcAttr" from LDAP and return its value as both >>> >"resultAttr1" and "resultAttr2". Only one-to-one mappings are allowed by >>> > >>> ><property name="resultAttributeMapping"> >>> > <map> >>> > <entry key="srcAttr" value="resultAttr1"/> >>> > <entry key="srcAttr" value="resultAttr2"/> >>> > </map> >>> ></property> >>> > >>> >So that type of shenanigans doesn't work. Is there another way to >>> >achieve this? >>> >>> Sorry to follow up my own post, but can anyone tell me if this is >>> achievable, or do I need to pursue some other non-CAS option? For example, >>> replicating the source attribute in LDAP seems like an unpalatable kludge. >>> >>> -- >>> Baron Fujimoto <[email protected]> :: UH Information Technology Services >>> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ >>> . >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/20160510193746.GI766%40praenomen.mgt.hawaii.edu >>> . >>> For more options, visit https://groups.google.com/a/apereo.org/d/optout. >>> > >-- >Baron Fujimoto <[email protected]> :: UH Information Technology Services >minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- Baron Fujimoto <[email protected]> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/20160511003344.GL766%40praenomen.mgt.hawaii.edu. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
