hi
I have the same problem
any help?

On Sat, Feb 18, 2017 at 5:56 AM, rbon <r...@uvic.ca> wrote:

> I am unable to retrieve attributes from LDAP. I suspect my problem is a
> simple config error/typo.
> I have followed the instructions here:
> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html
>
> Can someone please help me get LDAP attributes?
>
> deployerConfig.xml
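> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>   CAS 4.2.x deployer configuration as posted. Hard line wraps inside attribute
>   values and the stray ";" after quoted URLs (apparently added by the mail
>   archive) have been repaired; bean names and values are otherwise unchanged.
>   Review remarks are marked NOTE(review).
> -->
> <beans xmlns="http://www.springframework.org/schema/beans"
>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>        xmlns:context="http://www.springframework.org/schema/context"
>        xmlns:p="http://www.springframework.org/schema/p"
>        xmlns:c="http://www.springframework.org/schema/c"
>        xmlns:aop="http://www.springframework.org/schema/aop"
>        xmlns:tx="http://www.springframework.org/schema/tx"
>        xmlns:util="http://www.springframework.org/schema/util"
>        xmlns:sec="http://www.springframework.org/schema/security"
>        xmlns:ldaptive="http://www.ldaptive.org/schema/spring-ext"
>        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
>        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
>        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
>        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
>        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
>        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
>        http://www.ldaptive.org/schema/spring-ext http://www.ldaptive.org/schema/spring-ext.xsd">
>
>
>     <!--
>       Handler-to-resolver pairs. The LDAP handler is paired with #{null}, i.e.
>       no principal resolver, so the principal and its attributes should come
>       from the handler itself (confirm against the CAS 4.2 documentation).
>     -->
>     <util:map id="authenticationHandlersResolvers">
>         <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
>     </util:map>
>
>     <util:list id="authenticationMetadataPopulators">
>         <ref bean="successfulHandlerMetaDataPopulator" />
>         <ref bean="rememberMeAuthenticationMetaDataPopulator" />
>     </util:list>
>
>     <!--
>       Stub attribute source backed by the static attrRepoBackingMap below.
>       NOTE(review): any principal resolved through it receives the same fixed
>       values, including memberOf = faculty/staff/org. If services make access
>       decisions on these attributes, replace the stub before production use.
>     -->
>     <bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
>           p:backingMap-ref="attrRepoBackingMap" />
>
>     <!--
>       NOTE(review): acceptUsersAuthenticationHandler is the static-credentials
>       test handler. It is not listed in authenticationHandlersResolvers above,
>       so it should not take part in authentication here; confirm that nothing
>       else wires primaryAuthenticationHandler into the authentication manager.
>     -->
>     <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />
>     <alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" />
>
>     <util:map id="attrRepoBackingMap">
>         <entry key="uid" value="uid" />
>         <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
>         <entry key="groupMembership" value="groupMembership" />
>         <entry>
>             <key><value>memberOf</value></key>
>             <list>
>                 <value>faculty</value>
>                 <value>staff</value>
>                 <value>org</value>
>             </list>
>         </entry>
>     </util:map>
>
>     <alias name="serviceThemeResolver" alias="themeResolver" />
>
>     <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />
>
>     <alias name="defaultTicketRegistry" alias="ticketRegistry" />
>
>     <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" />
>     <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" />
>
>     <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
>     <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />
>
>     <bean id="auditTrailManager"
>           class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
>           p:entrySeparator="${cas.audit.singleline.separator:|}"
>           p:useSingleLine="${cas.audit.singleline:false}"/>
>
>     <!--
>       NOTE(review): authenticationThrottle is aliased to neverThrottle, so
>       failed logins are not rate limited. With a directory behind the login
>       form this permits unbounded password guessing and can trigger account
>       lockouts in LDAP; select a throttling implementation for production.
>     -->
>     <alias name="neverThrottle" alias="authenticationThrottle" />
>
>     <util:list id="monitorsList">
>         <ref bean="memoryMonitor" />
>         <ref bean="sessionMonitor" />
>     </util:list>
>
>     <alias name="defaultPrincipalFactory" alias="principalFactory" />
>     <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" />
>     <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" />
>     <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />
>
>     <!--
>       principalAttributeMap: the key is the attribute name read from the LDAP
>       entry, the value is the name it is stored under on the principal (see
>       createPrincipal() quoted later in this message, which calls
>       ldapEntry.getAttribute(key) and puts the result under value).
>       NOTE(review): the second entry looks reversed. The 3.5.2.1 log shows
>       contactUpdateTimestamp as the released name, and the poster describes
>       uvicEduPersonNetLinkContactUpdateTimestamp as the LDAP attribute. This
>       alone does not explain the empty ldapEntry in the 4.2.7 log, where
>       uvicEduPersonSpridenID is missing as well.
>     -->
>     <bean id="ldapAuthenticationHandler"
>           class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>           c:authenticator-ref="authenticator">
>         <property name="principalAttributeMap">
>             <map>
>                 <entry key="uvicEduPersonSpridenID" value="uvicEduPersonSpridenID" />
>                 <entry key="contactUpdateTimestamp" value="uvicEduPersonNetLinkContactUpdateTimestamp" />
>             </map>
>         </property>
>     </bean>
>
>     <!--
>       Search-then-bind authenticator; every setting comes from properties.
>       bindCredential is a placeholder rather than an inline password; keep the
>       properties file readable only by the account that runs CAS.
>       NOTE(review): useStartTLS has no default and useSSL defaults to false.
>       Confirm the deployed properties enable one of them (or that ldap.url is
>       an ldaps:// URL); otherwise the manager bind and every user password
>       cross the network unencrypted.
>     -->
>     <ldaptive:bind-search-authenticator id="authenticator"
>                                         ldapUrl="${ldap.url}"
>                                         baseDn="${ldap.baseDn.people}"
>                                         userFilter="${ldap.authn.searchFilter}"
>                                         bindDn="${ldap.managerDn}"
>                                         bindCredential="${ldap.managerPassword}"
>                                         connectTimeout="${ldap.connectTimeout}"
>                                         useStartTLS="${ldap.useStartTLS}"
>                                         blockWaitTime="${ldap.pool.blockWaitTime}"
>                                         maxPoolSize="${ldap.pool.maxSize}"
>                                         allowMultipleDns="${ldap.allowMultipleDns:false}"
>                                         usePasswordPolicy="${ldap.usePpolicy:false}"
>                                         minPoolSize="${ldap.pool.minSize}"
>                                         validateOnCheckOut="${ldap.pool.validateOnCheckout}"
>                                         validatePeriodically="${ldap.pool.validatePeriodically}"
>                                         validatePeriod="${ldap.pool.validatePeriod}"
>                                         idleTime="${ldap.pool.idleTime}"
>                                         prunePeriod="${ldap.pool.prunePeriod}"
>                                         failFastInitialize="true"
>                                         subtreeSearch="${ldap.subtree.search:true}"
>                                         useSSL="${ldap.use.ssl:false}"
>     />
>
> </beans>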
>
> CAS 4.2.7 log
> 2017-02-17 17:20:03,886 DEBUG [                 org.jasi.cas.auth.
> LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.
> AuthenticationResponse@434563655::authenticationResultCode=AUTHENTICATI
> ON_HAND
> LER_SUCCESS, resolvedDn=uid=rbon,ou=People,dc=uvic,dc=ca, ldapEntry=[dn=
> uid=rbon,ou=People,dc=uvic,dc=ca[], responseControls=null, messageId=-1],
> accountState=null, result=true, resultCode=SUCCESS, message=nu
> ll, controls=null]> [http-bio-8495-exec-2]
> 2017-02-17 17:20:03,887 DEBUG [                 org.jasi.cas.auth.
> LdapAuthenticationHandler] - <No ldap password policy configuration is
> defined> [http-bio-8495-exec-2]
> 2017-02-17 17:20:03,887 DEBUG [                 org.jasi.cas.auth.
> LdapAuthenticationHandler] - <LDAP response returned as result. Creating
> the final LDAP principal> [http-bio-8495-exec-2]
> 2017-02-17 17:20:03,888 DEBUG [                 org.jasi.cas.auth.
> LdapAuthenticationHandler] - <Creating LDAP principal for rbon based on
> uid=rbon,ou=People,dc=uvic,dc=ca> [http-bio-8495-exec-2]
> 2017-02-17 17:20:03,888 DEBUG [                 org.jasi.cas.auth.
> LdapAuthenticationHandler] - <Principal id attribute is not defined. Using
> the default id rbon> [http-bio-8495-exec-2]
> 2017-02-17 17:20:03,888 INFO  [                 org.jasi.cas.auth.
> LdapAuthenticationHandler] - <attribute size: 2> [http-bio-8495-exec-2]
> 2017-02-17 17:20:03,889 INFO  [                 org.jasi.cas.auth.
> LdapAuthenticationHandler] - <uvicEduPersonSpridenID :
> uvicEduPersonSpridenID> [http-bio-8495-exec-2]
> 2017-02-17 17:20:03,890 INFO  [                 org.jasi.cas.auth.
> LdapAuthenticationHandler] - <contactUpdateTimestamp :
> uvicEduPersonNetLinkContactUpdateTimestamp> [http-bio-8495-exec-2]
> 2017-02-17 17:20:03,890 DEBUG [                 org.jasi.cas.auth.
> LdapAuthenticationHandler] - <Created LDAP principal for id rbon and 1
> attributes> [http-bio-8495-exec-2]
> 2017-02-17 17:20:03,901 INFO  [       org.jasi.insp.audi.supp.Slf4jL
> oggingAuditTrailManager] - <Fri Feb 17 17:20:03 PST 2017|CAS|Supplied
> credentials: [rbon]|AUTHENTICATION_SUCCESS|rbon|142.104.148.205|142.10
> 4.148.205> [http-bio-8495-exec-2]
>
>
> The ldapEntry does not have the attributes that I am searching for
> [uvicEduPersonSpridenID, uvicEduPersonNetLinkContactUpdateTimestamp].
> These attributes are returned in my 3.5.2.1 configuration.
> CAS 3.5.2.1 log
> 2017-02-16 11:41:08,123 DEBUG [org.jasig.cas.authentication.
> AuthenticationManagerImpl] - <Attribute map for rbon: {
> contactUpdateTimestamp=20161129000000Z, uvicEduPersonSpridenID=V00000002}>
> [http-bio-8491-exec-2]
>
> I added some debug lines to LdapAuthenticationHandler.createPrincipal()
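>         // Excerpt from the body of LdapAuthenticationHandler.createPrincipal();
>         // the logger.info(...) calls are the poster's added debug output.
>         final Map<String, Object> attributeMap = new LinkedHashMap<>(this.principalAttributeMap.size());
>         // ldapEntry is printed in authenticateUsernamePasswordInternal
>         // principalAttributeMap is defined in deployerConfigContext.xml for each search tree
>         logger.info("attribute size: " + this.principalAttributeMap.size());
>         // Map key = attribute name looked up in the LDAP entry;
>         // map value = name the attribute is stored under on the principal.
>         for (final Map.Entry<String, String> ldapAttr : this.principalAttributeMap.entrySet()) {
>             logger.info(ldapAttr.getKey() + " : " + ldapAttr.getValue());
>             final LdapAttribute attr = ldapEntry.getAttribute(ldapAttr.getKey());
>             // Attributes absent from the entry are skipped silently. In the 4.2.7
>             // log above no "Found principal attribute" line appears, so this
>             // branch was not taken for either mapped attribute.
>             if (attr != null) {
>                 // NOTE(review): logs the attribute object, presumably including its
>                 // values; keep DEBUG off in production if attributes are sensitive.
>                 logger.debug("Found principal attribute: {}", attr);
>                 final String principalAttrName = ldapAttr.getValue();
>                 if (attr.size() > 1) {
>                     logger.debug("Principal attribute: {} is multivalued", attr);
>                     attributeMap.put(principalAttrName, attr.getStringValues());
>                 } else {
>                     attributeMap.put(principalAttrName, attr.getStringValue());
>                 }
>             }
>         }
>
>         // The entry DN is always added, which is why the log reports
>         // "1 attributes" even though no mapped attribute was found.
>         attributeMap.put(LDAP_ATTRIBUTE_ENTRY_DN, ldapEntry.getDn());
>
>         logger.debug("Created LDAP principal for id {} and {} attributes", id, attributeMap.size());
>         return this.principalFactory.createPrincipal(id, attributeMap);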
>
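> Because ldapEntry does not have the attributes, the green highlighted line
> (the highlighting is lost in this plain-text copy; presumably the
> "Found principal attribute" debug statement) is never printed.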
>
> Ray
>
