Have you followed this doc?
https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html#configuration
 


Especially the part that says "If you do decide to let the authentication 
handler retrieve attributes instead of a separate principal resolver, you will 
need to…". That sounds like what you were asking about. 



-- 
Misagh

From: Nick Couchman <[email protected]>
Reply: Nick Couchman <[email protected]>
Date: July 17, 2016 at 6:57:34 PM
To: CAS Community <[email protected]>
Subject:  [cas-user] Attributes from LDAP Authentication Handler  

I'm having a really hard time figuring out the proper 
deployerContextConfiguration.xml settings to get LDAP attributes from the 
existing LDAP Authentication Handler rather than having to set up a separate 
LDAP Directory search for attributes. I've found several references to how to 
set it up, but they seem to assume some knowledge that I don't have. My current 
config is below, and, based on this config, all of the attributes show up with 
empty values because it's using the stub driver with the backing map, which has 
blank values. Can anyone tell me what I need to change to get LDAP attributes 
out of the ldapAuthenticationHandler and not have to set up a separate LDAP 
Directory connection for retrieving them?  

Thanks - Nick  

==Begin Config==  

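<?xml version="1.0" encoding="UTF-8"?>
<!--
  CAS deployer context as posted: wires the authentication handlers, their
  principal resolvers, the attribute repository, auditing, throttling and the
  LDAP authenticator. Values written as ${...} are resolved from the CAS
  properties file, which is not shown here.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:ldaptive="http://www.ldaptive.org/schema/spring-ext"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/tx
                           http://www.springframework.org/schema/tx/spring-tx.xsd
                           http://www.springframework.org/schema/aop
                           http://www.springframework.org/schema/aop/spring-aop.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd
                           http://www.springframework.org/schema/util
                           http://www.springframework.org/schema/util/spring-util.xsd
                           http://www.ldaptive.org/schema/spring-ext
                           http://www.ldaptive.org/schema/spring-ext.xsd">

  <!--
    Pairs each authentication handler with the principal resolver that runs
    after the handler succeeds.

    ldapAuthenticationHandler is paired with primaryPrincipalResolver, which is
    aliased further down to personDirectoryPrincipalResolver. That resolver
    presumably reads from attributeRepository, the stub whose backing map holds
    only blank values, which matches the empty attributes the poster reports.
    NOTE(review): the CAS 4.2.x LDAP guide describes giving the handler a null
    resolver (value="#{null}", as on the primaryAuthenticationHandler entry)
    when the handler itself should supply the attributes. Confirm against that
    guide before changing the entry.

    NOTE(review): primaryAuthenticationHandler is aliased further down to
    acceptUsersAuthenticationHandler, the static username/password handler.
    While its entry stays in this map and anyAuthenticationPolicy is in force,
    an account accepted by that handler signs in without LDAP being consulted.
    Remove the entry and the alias once LDAP authentication is confirmed
    working, and check that no static accounts remain in the properties file.
  -->
  <util:map id="authenticationHandlersResolvers">
    <entry key-ref="ldapAuthenticationHandler" value-ref="primaryPrincipalResolver" />
    <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
    <entry key-ref="primaryAuthenticationHandler" value="#{null}" />
  </util:map>

  <util:list id="authenticationMetadataPopulators">
    <ref bean="successfulHandlerMetaDataPopulator" />
    <ref bean="rememberMeAuthenticationMetaDataPopulator" />
  </util:list>

  <!--
    Stub attribute source: returns whatever attrRepoBackingMap contains, for
    every principal. It performs no directory lookup.
  -->
  <bean id="attributeRepository"
        class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
        p:backingMap-ref="attrRepoBackingMap" />

  <!-- See the note on authenticationHandlersResolvers about the static handler. -->
  <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />
  <alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" />

  <!-- Every value is the empty string, so the stub yields blank attributes. -->
  <util:map id="attrRepoBackingMap">
    <entry key="displayName" value="" />
    <entry key="mail" value="" />
    <entry key="groupMembership" value="" />
    <entry key="cn" value="" />
    <entry key="givenName" value="" />
    <entry key="sn" value="" />
    <entry key="uid" value="" />
    <entry key="uidNumber" value="" />
    <entry key="gidNumber" value="" />
  </util:map>

  <alias name="serviceThemeResolver" alias="themeResolver" />

  <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />

  <alias name="defaultTicketRegistry" alias="ticketRegistry" />

  <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" />
  <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" />

  <!--
    anyAuthenticationPolicy: judging by the name, one successful handler is
    enough. That makes every handler listed in authenticationHandlersResolvers
    an independent way in, so the list should contain only handlers meant for
    real users.
  -->
  <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
  <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />

  <!-- Audit records go to the SLF4J logger; separator and layout come from properties. -->
  <bean id="auditTrailManager"
        class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
        p:entrySeparator="${cas.audit.singleline.separator:|}"
        p:useSingleLine="${cas.audit.singleline:false}"/>

  <!--
    NOTE(review): neverThrottle leaves failed-login throttling switched off, so
    repeated password guesses reach the directory unchecked unless the
    directory or a front-end proxy enforces lockout or rate limits. Alias one
    of the throttling implementations CAS provides before going live.
  -->
  <alias name="neverThrottle" alias="authenticationThrottle" />

  <util:list id="monitorsList">
    <ref bean="memoryMonitor" />
    <ref bean="sessionMonitor" />
  </util:list>

  <alias name="defaultPrincipalFactory" alias="principalFactory" />
  <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" />
  <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" />
  <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />

  <!--
    LDAP handler. principalIdAttribute="mail" makes the mail attribute the
    principal id. In principalAttributeMap the key is presumably the directory
    attribute name and the value the name CAS exposes it under (confirm with
    the CAS documentation). Attributes such as groupMembership, uidNumber and
    gidNumber describe authorisation and account internals; release them only
    to the registered services that need them.
  -->
  <bean id="ldapAuthenticationHandler"
        class="org.jasig.cas.authentication.LdapAuthenticationHandler"
        p:principalIdAttribute="mail"
        c:authenticator-ref="authenticator">
    <property name="principalAttributeMap">
      <map>
        <entry key="displayName" value="simpleName" />
        <entry key="mail" value="email" />
        <entry key="groupMembership" value="membership" />
        <entry key="cn" value="cn" />
        <entry key="givenName" value="givenName" />
        <entry key="sn" value="sn" />
        <entry key="uid" value="uid" />
        <entry key="uidNumber" value="uidNumber" />
        <entry key="gidNumber" value="gidNumber" />
      </map>
    </property>
  </bean>

  <!--
    Authenticator used by ldapAuthenticationHandler.

    NOTE(review): useSSL falls back to false when ldap.use.ssl is unset, and
    useStartTLS has no fallback at all. If neither ends up true, the user's
    password crosses the network to the directory in clear text. Set one of
    them explicitly and make sure the directory certificate is validated.

    NOTE(review): the anonymous-search authenticator needs the directory to
    allow unauthenticated searches under baseDn so it can find the user's DN.
    Directories hardened against anonymous reads will reject this; a
    bind-search authenticator with a dedicated low-privilege service account
    is the usual alternative.
  -->
  <ldaptive:anonymous-search-authenticator id="authenticator"
      ldapUrl="${ldap.url}"
      connectTimeout="${ldap.connectTimeout}"
      validateOnCheckOut="${ldap.pool.validateOnCheckout}"
      failFastInitialize="true"
      blockWaitTime="${ldap.pool.blockWaitTime}"
      idleTime="${ldap.pool.idleTime}"
      maxPoolSize="${ldap.pool.maxSize}"
      minPoolSize="${ldap.pool.minSize}"
      validatePeriodically="${ldap.pool.validatePeriodically}"
      validatePeriod="${ldap.pool.validatePeriod}"
      prunePeriod="${ldap.pool.prunePeriod}"
      useSSL="${ldap.use.ssl:false}"
      useStartTLS="${ldap.useStartTLS}"
      usePasswordPolicy="${ldap.usePpolicy:true}"
      allowMultipleDns="${ldap.allowMultipleDns:false}"
      baseDn="${ldap.baseDn}"
      subtreeSearch="${ldap.subtree.search:true}"
      userFilter="${ldap.authn.searchFilter}"
  />
</beans>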

