I'm using:

cas.authn.ldap[0].type=DIRECT
cas.authn.ldap[0].ldapUrl=...
cas.authn.ldap[0].baseDn=ou=users,dc=company,dc=com
cas.authn.ldap[0].userFilter=(&(uid={user})(objectclass=inetOrgPerson))
cas.authn.ldap[0].subtreeSearch=false
cas.authn.ldap[0].dnFormat=uid=%s,ou=users,dc=company,dc=com
cas.authn.ldap[0].passwordPolicy.enabled=true
cas.authn.ldap[0].keystore=classpath:/keystore.jks
cas.authn.ldap[0].keystorePassword=...
cas.authn.ldap[0].keystoreType=JKS
cas.authn.ldap[0].enhanceWithEntryResolver=false
cas.authn.ldap[0].principalAttributeId=uid
cas.authn.ldap[0].principalAttributeList=sn,title,mail,telephoneNumber,mobile,manager
cas.authn.ldap[0].validateOnCheckout=false
cas.authn.ldap[0].validatePeriodically=false
cas.authn.ldap[0].validator.type=NONE

cas.authn.attributeRepository.merger=merge

cas.authn.attributeRepository.ldap[0].ldapUrl=...
cas.authn.attributeRepository.ldap[0].connectionStrategy=
cas.authn.attributeRepository.ldap[0].baseDn=ou=groups,dc=company,dc=com
cas.authn.attributeRepository.ldap[0].userFilter=(&(member=uid={user},ou=users,dc=company,dc=com)(objectclass=groupOfNames))
cas.authn.attributeRepository.ldap[0].subtreeSearch=false
cas.authn.attributeRepository.ldap[0].attributes.cn=roles
cas.authn.attributeRepository.ldap[0].bindDn=...
cas.authn.attributeRepository.ldap[0].bindCredential=...
cas.authn.attributeRepository.ldap[0].keystore=classpath:/keystore.jks
cas.authn.attributeRepository.ldap[0].keystorePassword=...
cas.authn.attributeRepository.ldap[0].keystoreType=JKS
cas.authn.attributeRepository.ldap[0].validateOnCheckout=false
cas.authn.attributeRepository.ldap[0].validatePeriodically=false
cas.authn.attributeRepository.ldap[0].validator.type=NONE

However, for this to work, I had to patch persondir 
(see https://github.com/apereo/person-directory/issues/14).


On Friday, 28 April 2017 14:50:13 UTC+2, Michael Prieß wrote:
>
> Hello,
>
> my question is "How to get all groups that a user is a member of as 
> attribute?" I'm using CAS 5.1.0-RC3 + LDAP for authentication and this is 
> my LDAP configuration and my LDAP structure.
>
> cas.properties
>
> cas.authn.ldap[0].type=DIRECT
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].ldapUrl=ldap://ldap:389
> cas.authn.ldap[0].baseDn=ou=users,dc=company,dc=com
> cas.authn.ldap[0].enhanceWithEntryResolver=true
> cas.authn.ldap[0].userFilter=cn={user}
> cas.authn.ldap[0].dnFormat=cn=%s,ou=users,dc=company,dc=com
> cas.authn.ldap[0].principalAttributeId=cn
> cas.authn.ldap[0].principalAttributeList=sn,mail
>
> Part of my ldap.ldif:
> dn: cn=dev,ou=groups,dc=company,dc=com
> cn: dev
> member: cn=john,ou=users,dc=company,dc=com
> objectclass: groupOfNames
> objectclass: top
>
> dn: cn=john,ou=users,dc=company,dc=com
> cn: john
> objectclass: inetOrgPerson
> objectclass: top
> mail: [email protected]
> sn: John Doe
>
> If I use the user john, IMHO only attributes which are under 
> "cn=john,ou=users,dc=company,dc=com" are exposed as attributes, like mail and sn 
> for example. Right?
>
> Possible Solutions:
> 1. Solve the problem with CAS: Is it possible to retrieve the LDAP 
> attribute groupOfNames with an additional query and attach them to my 
> service token like the attributes sn, email.
> 2. Solve the problem with LDAP: I have to add the attribute groupOfNames 
> to the user john and have to duplicate attributes. See 
> http://www.openldap.org/doc/admin24/overlays.html
>
> Thanks,
> Michael
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5b4c862e-fea0-4b37-946b-03f0eafe00ac%40apereo.org.
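As an added illustration of what the attributeRepository settings in the reply above ask the directory to do (and of the groupOfNames/member layout in the quoted LDIF), the following script is example code, not code from the thread, from CAS or from ldaptive. It builds the user's DN from dnFormat, inlines it into the member= filter, and searches the groups base one level deep (subtreeSearch=false) for groupOfNames entries, returning their cn values, which is what attributes.cn=roles exposes. The LDIF, the constants and all helper names are constructed for this example; the two escaping helpers show the RFC 4514 and RFC 4515 escaping a value substituted into a DN and then into a filter needs.

```python
# Added example; not code from the thread, CAS or ldaptive. It reproduces what the
# attributeRepository settings above ask the directory to do: build the user's DN
# from dnFormat, put it into the member= filter, and search the groups base one
# level deep (subtreeSearch=false) for groupOfNames entries. The LDIF, constants
# and helper names are constructed for this example.
import re

DN_FORMAT = "uid=%s,ou=users,dc=company,dc=com"                # cas.authn.ldap[0].dnFormat
GROUP_BASE = "ou=groups,dc=company,dc=com"                    # attributeRepository baseDn
GROUP_FILTER = "(&(member={dn})(objectclass=groupOfNames))"   # userFilter with the DN inlined

# Constructed directory content, modelled on the LDIF in the quoted question.
SAMPLE_LDIF = """\
dn: cn=dev,ou=groups,dc=company,dc=com
cn: dev
member: uid=john,ou=users,dc=company,dc=com
member: uid=jane,ou=users,dc=company,dc=com
objectclass: groupOfNames

dn: cn=ops,ou=groups,dc=company,dc=com
cn: ops
member: uid=jane,ou=users,dc=company,dc=com
objectclass: groupOfNames

dn: cn=legacy,ou=archive,ou=groups,dc=company,dc=com
cn: legacy
member: uid=john,ou=users,dc=company,dc=com
objectclass: groupOfNames

dn: uid=john,ou=users,dc=company,dc=com
uid: john
objectclass: inetOrgPerson
sn: John Doe
"""

def escape_dn_value(value):
    """RFC 4514 escaping for a value that becomes part of an RDN (uid=<value>)."""
    out = "".join("\\" + ch if ch in '\\,+"<>;=' else ch for ch in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    return out[:-1] + "\\ " if out.endswith(" ") else out

def escape_filter_value(value):
    """RFC 4515 escaping for an assertion value inside a search filter."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)

def user_dn(user):
    return DN_FORMAT % escape_dn_value(user)

def group_filter(user):
    # The whole DN is an assertion value here, so it gets filter escaping too.
    return GROUP_FILTER.format(dn=escape_filter_value(user_dn(user)))

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries of 'attr: value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {"dn": None, "attrs": {}}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                entry["dn"] = value
            else:
                entry["attrs"].setdefault(name, []).append(value)
        entries.append(entry)
    return entries

def parse_filter(text, i=0):
    """Parses the RFC 4515 subset used here: (&...) and (attr=value)."""
    i += 1                                   # skip '('
    if text[i] == "&":
        i, children = i + 1, []
        while text[i] == "(":
            node, i = parse_filter(text, i)
            children.append(node)
        return ("and", children), i + 1      # skip ')'
    end = text.index(")", i)                 # escaped values hold no raw ')'
    attr, _, value = text[i:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("eq", attr.lower(), value), end + 1

def matches(entry, node):
    if node[0] == "and":
        return all(matches(entry, child) for child in node[1])
    _, attr, value = node
    return value.lower() in (v.lower() for v in entry["attrs"].get(attr, []))

def in_scope(dn, base, subtree):
    """subtreeSearch=false: direct children of baseDn only; true: anything below."""
    dn, base = dn.lower(), base.lower()
    parent = dn.partition(",")[2]
    return dn.endswith("," + base) if subtree else parent == base

def roles_for(user, subtree=False, ldif=SAMPLE_LDIF):
    """The cn values of matching groups, i.e. what attributes.cn=roles would expose."""
    node, _ = parse_filter(group_filter(user))
    return sorted(e["attrs"]["cn"][0] for e in parse_ldif(ldif)
                  if in_scope(e["dn"], GROUP_BASE, subtree) and matches(e, node))

if __name__ == "__main__":
    print(group_filter("john"))
    print("one level:", roles_for("john"))                 # ['dev']
    print("subtree:  ", roles_for("john", subtree=True))   # ['dev', 'legacy']
```

Running it shows two things worth checking against a real directory: the group under ou=archive is only found once subtree search is on, so subtreeSearch=false silently drops any group that is not a direct child of baseDn; and because the user name ends up inside a filter, characters that have meaning there (parentheses, asterisk, backslash) must be escaped before substitution, otherwise a user name can change the shape of the query rather than just its value.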
