That sounds like a good idea. Pardon my ignorance, but I'm not sure where to place those logger definitions. I'm using gradle to build CAS and I don't see any xml files in the build process or in the configuration files.
On Friday, February 23, 2018 at 3:39:31 PM UTC-6, rbon wrote: > > Toby, > > You may need to adjust your service (service registry) to allow the > attributes to be released. > These log settings may be useful: > <!-- WARN DN resolution failed - TODO investigate this > Requested LDAP attribute [???] ... --> > <AsyncLogger > name="org.apereo.cas.authentication.LdapAuthenticationHandler" > level="debug" /> > > <!-- DEBUG Found principal attributes [...] for [username] > Attribute policy [???] allows release of [...] for > [username] > Final collection of attributes allowed are: [...] --> > <AsyncLogger > name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" > > level="debug"/> > > Ray > > On Fri, 2018-02-23 at 12:36 -0800, Toby Archer wrote: > > I'm trying to figure out how to do attribute release and haven't gotten > anywhere. I've read all the pages like this one: > https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html > > and tried searching this mailing list and followed instructions like in > this one: > https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/attribute/cas-user/VVaONIp1Ts0/Hedpv2uGAwAJ > > Right now I'm using ldap for both authentication and attributes. The > relevant part of my cas.properties file looks like this: > > # LDAP Auth > cas.authn.ldap[0].type=AUTHENTICATED > cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu > cas.authn.ldap[0].baseDn=o=usd.edu > cas.authn.ldap[0].userFilter=uid=%u > cas.authn.ldap[0].subtreeSearch=true > cas.authn.ldap[0].bindDn=cn=Directory Manager > cas.authn.ldap[0].bindCredential=password > cas.authn.ldap[0].userFilter=uid={user} > cas.authn.ldap[0].dnFormat=uid=%s,ou=people > cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore > cas.authn.ldap[0].keyStorePassword=password > cas.authn.ldap[0].name=dev-ldap7-1 > > cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true > cas.authn.ldap[0].principalAttributeList=cn,sn,mail > > cas.authn.attributeRepository.defaultAttributesToRelease=cn,sn,mail > > cas.authn.attributeRepository.stub.attributes.uid=uid > cas.authn.attributeRepository.stub.attributes.displayName=displayName > cas.authn.attributeRepository.stub.attributes.cn=commonName > > cas.authn.attributeRepository.ldap[0].type=AUTHENTICATED > cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu > cas.authn.attributeRepository.ldap[0].baseDn=o=usd.edu > cas.authn.attributeRepository.ldap[0].userFilter=uid=%u > cas.authn.attributeRepository.ldap[0].subtreeSearch=true > cas.authn.attributeRepository.ldap[0].bindDn=cn=Directory Manager > cas.authn.attributeRepository.ldap[0].bindCredential=password > cas.authn.attributeRepository.ldap[0].userFilter=uid={user} > cas.authn.attributeRepository.ldap[0].dnFormat=uid=%s,uo=people > cas.authn.attributeRepository.ldap[0].keystore=file:/etc/cas/thekeystore > cas.authn.attributeRepository.ldap[0].keyStorePassword=password > cas.authn.attributeRepository.ldap[0].name=dev-ldap7-1 > > cas.authn.attributeRepository.ldap[0].uid=uid > cas.authn.attributeRepository.ldap[0].displayName=displayName > cas.authn.attributeRepository.ldap[0].cn=commonName > cas.authn.attributeRepository.ldap[0].mail=mail > cas.authn.attributeRepository.ldap[0].sn=sn > > There are configurations for a couple of different attempts, but > regardless of what I do get back no attributes. The docs talk about the > personDirectory but either don't give instructions on how to configure it > or give instructions for cas 4. I'm at a bit of a loss on what to do. Any > advise out there? > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | rb...@uvic.ca <javascript:> > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ed9d39b0-c2bd-4c13-9257-fb9c43a68a1f%40apereo.org.
