Use this:
<entry key-ref="ldapAuthenticationHandler" value-ref="#{null}" />
Cheers, D.
On Sun, Jul 17, 2016 at 21:57, Nick Couchman <[email protected]>
wrote:
I'm having a really hard time figuring out the proper
deployerContextConfiguration.xml settings to get LDAP attributes from the
existing LDAP Authentication Handler rather than having to set up a
separate LDAP Directory search for attributes. I've found several
references to how to set it up, but they seem to assume some knowledge that
I don't have. My current config is below, and, based on this config, all of
the attributes show up with empty values because it's using the stub driver
with the backing map, which has blank values. Can anyone tell me what I
need to change to get LDAP attributes out of the ldapAuthenticationHandler
and not have to set up a separate LDAP Directory connection for retrieving
them?
Thanks - Nick
==Begin Config==
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:context="http://www.springframework.org/schema/context";
xmlns:p="http://www.springframework.org/schema/p";
xmlns:c="http://www.springframework.org/schema/c";
xmlns:aop="http://www.springframework.org/schema/aop";
xmlns:tx="http://www.springframework.org/schema/tx";
xmlns:util="http://www.springframework.org/schema/util";
xmlns:sec="http://www.springframework.org/schema/security";
xmlns:ldaptive="http://www.ldaptive.org/schema/spring-ext";
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd
http://www.ldaptive.org/schema/spring-ext
http://www.ldaptive.org/schema/spring-ext.xsd";>
<util:map id="authenticationHandlersResolvers">
<entry key-ref="ldapAuthenticationHandler"
value-ref="primaryPrincipalResolver" />
<entry key-ref="proxyAuthenticationHandler"
value-ref="proxyPrincipalResolver" />
<entry key-ref="primaryAuthenticationHandler" value="#{null}" />
</util:map>
<util:list id="authenticationMetadataPopulators">
<ref bean="successfulHandlerMetaDataPopulator" />
<ref bean="rememberMeAuthenticationMetaDataPopulator" />
</util:list>
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
p:backingMap-ref="attrRepoBackingMap" />
<alias name="acceptUsersAuthenticationHandler"
alias="primaryAuthenticationHandler" />
<alias name="personDirectoryPrincipalResolver"
alias="primaryPrincipalResolver" />
<util:map id="attrRepoBackingMap">
<entry key="displayName" value="" />
<entry key="mail" value="" />
<entry key="groupMembership" value="" />
<entry key="cn" value="" />
<entry key="givenName" value="" />
<entry key="sn" value="" />
<entry key="uid" value="" />
<entry key="uidNumber" value="" />
<entry key="gidNumber" value="" />
</util:map>
<alias name="serviceThemeResolver" alias="themeResolver" />
<alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />
<alias name="defaultTicketRegistry" alias="ticketRegistry" />
<alias name="ticketGrantingTicketExpirationPolicy"
alias="grantingTicketExpirationPolicy" />
<alias name="multiTimeUseOrTimeoutExpirationPolicy"
alias="serviceTicketExpirationPolicy" />
<alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
<alias name="acceptAnyAuthenticationPolicyFactory"
alias="authenticationPolicyFactory" />
<bean id="auditTrailManager"
class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
p:entrySeparator="${cas.audit.singleline.separator:|}"
p:useSingleLine="${cas.audit.singleline:false}"/>
<alias name="neverThrottle" alias="authenticationThrottle" />
<util:list id="monitorsList">
<ref bean="memoryMonitor" />
<ref bean="sessionMonitor" />
</util:list>
<alias name="defaultPrincipalFactory" alias="principalFactory" />
<alias name="defaultAuthenticationTransactionManager"
alias="authenticationTransactionManager" />
<alias name="defaultPrincipalElectionStrategy"
alias="principalElectionStrategy" />
<alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />
<bean id="ldapAuthenticationHandler"
class="org.jasig.cas.authentication.LdapAuthenticationHandler"
p:principalIdAttribute="mail"
c:authenticator-ref="authenticator">
<property name="principalAttributeMap">
<map>
<entry key="displayName" value="simpleName" />
<entry key="mail" value="email" />
<entry key="groupMembership" value="membership" />
<entry key="cn" value="cn" />
<entry key="givenName" value="givenName" />
<entry key="sn" value="sn" />
<entry key="uid" value="uid" />
<entry key="uidNumber" value="uidNumber" />
<entry key="gidNumber" value="gidNumber" />
</map>
</property>
</bean>
<ldaptive:anonymous-search-authenticator id="authenticator"
ldapUrl="${ldap.url}"
connectTimeout="${ldap.connectTimeout}"
validateOnCheckOut="${ldap.pool.validateOnCheckout}"
failFastInitialize="true"
blockWaitTime="${ldap.pool.blockWaitTime}"
idleTime="${ldap.pool.idleTime}"
maxPoolSize="${ldap.pool.maxSize}"
minPoolSize="${ldap.pool.minSize}"
validatePeriodically="${ldap.pool.validatePeriodically}"
validatePeriod="${ldap.pool.validatePeriod}"
prunePeriod="${ldap.pool.prunePeriod}"
useSSL="${ldap.use.ssl:false}"
useStartTLS="${ldap.useStartTLS}"
usePasswordPolicy="${ldap.usePpolicy:true}"
allowMultipleDns="${ldap.allowMultipleDns:false}"
baseDn="${ldap.baseDn}"
subtreeSearch="${ldap.subtree.search:true}"
userFilter="${ldap.authn.searchFilter}"
/>
</beans>
--
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2211f8aa-50ac-49d2-a42b-4cb37e323d3a%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/97c3b1da-e128-4ee1-8f16-d06daa357f09%40unicon.net.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
